[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [meek/master] Reduce meek-server minSessionIdLength from 32 to 8.
commit c8f2dd1e6717b7fd4f3b96874a68dde9151411b3
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date: Thu Dec 25 21:27:51 2014 -0800
Reduce meek-server minSessionIdLength from 32 to 8.
Relevant to #12778, we can reduce the size of requests by reducing the
length of the Session-Id. Note that minSessionIdLength in meek-server is
the encoded length. In base64, 8 characters represents 6 bytes or 48
bits. There would have to be about 2^24 simultaneous sessions to have a
probability of collision more than half, so it still seems safe.
---
meek-server/meek-server.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go
index 669f329..2f67ae4 100644
--- a/meek-server/meek-server.go
+++ b/meek-server/meek-server.go
@@ -34,7 +34,7 @@ const (
// Reject session ids shorter than this, as a weak defense against
// client bugs that send an empty session id or something similarly
// likely to collide.
- minSessionIdLength = 32
+ minSessionIdLength = 8
// The largest request body we are willing to process, and the largest
// chunk of data we'll send back in a response.
maxPayloadLength = 0x10000
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits