Re: [hybi] why did rfc6455 choose the 16-byte sec_websocket_key
John Tamplin <jat@google.com> Mon, 27 February 2012 15:04 UTC
Return-Path: <jat@google.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D42121F86DF for <hybi@ietfa.amsl.com>; Mon, 27 Feb 2012 07:04:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.976
X-Spam-Level:
X-Spam-Status: No, score=-102.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a0DiaBfpycbJ for <hybi@ietfa.amsl.com>; Mon, 27 Feb 2012 07:04:58 -0800 (PST)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id D65A221F86C4 for <hybi@ietf.org>; Mon, 27 Feb 2012 07:04:57 -0800 (PST)
Received: by vbbez10 with SMTP id ez10so1210995vbb.31 for <hybi@ietf.org>; Mon, 27 Feb 2012 07:04:57 -0800 (PST)
Received-SPF: pass (google.com: domain of jat@google.com designates 10.220.157.83 as permitted sender) client-ip=10.220.157.83;
Authentication-Results: mr.google.com; spf=pass (google.com: domain of jat@google.com designates 10.220.157.83 as permitted sender) smtp.mail=jat@google.com; dkim=pass header.i=jat@google.com
Received: from mr.google.com ([10.220.157.83]) by 10.220.157.83 with SMTP id a19mr9151010vcx.54.1330355097489 (num_hops = 1); Mon, 27 Feb 2012 07:04:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-system-of-record; bh=g+LCclZGYukkpLurW+z+rUY/jvdY+TM2iZtgJ1tKcc4=; b=bKgTybKgtSKEZ3gzEigvR3/KbbdAwId7Ci3zjrpt/WfrWymL+fE58dveO19YLj75Mt NxjcQicnd0Zc2UyHrYK7QfDdPA40F2IbmbO8VQEuRc48m/qodEG6evx6eFlP4BslYw+H JVQLEOik72FzSZgFiMMbhpQbtJ3dBMt/75ZNI=
Received: by 10.220.157.83 with SMTP id a19mr7350215vcx.54.1330355097426; Mon, 27 Feb 2012 07:04:57 -0800 (PST)
Received: by 10.220.157.83 with SMTP id a19mr7350190vcx.54.1330355097285; Mon, 27 Feb 2012 07:04:57 -0800 (PST)
MIME-Version: 1.0
Received: by 10.220.117.132 with HTTP; Mon, 27 Feb 2012 07:04:37 -0800 (PST)
In-Reply-To: <CAJoFd67tcWX=ePWoFURZhYwiJfSmGZrJGQE3vsyFCni5QonJ8w@mail.gmail.com>
References: <CAJoFd64KsUOSd2qgymoUL+YP45aj1_xMz9Eva-aP+VXOBNtR8Q@mail.gmail.com> <CABLsOLAAahj0h=ZSWmeY9Pe5G5ih0+cQgZZDJNK6zZPUA8Z0Wg@mail.gmail.com> <CAJoFd67tcWX=ePWoFURZhYwiJfSmGZrJGQE3vsyFCni5QonJ8w@mail.gmail.com>
From: John Tamplin <jat@google.com>
Date: Mon, 27 Feb 2012 10:04:37 -0500
Message-ID: <CABLsOLA8Zxmr+v6ss3KzsYv8wPTXO=HRqAjFZ8SC8Lc2Gby3-g@mail.gmail.com>
To: Juan Li <ruoqiu.lee@gmail.com>
Content-Type: multipart/alternative; boundary="f46d043c07beffb44004b9f36ea8"
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQmB/vmSGA34vYLzGI6pee4WqyoR6fw/iq0aTtxVMD74tapohJWlEXHjtvFM/rTB+HJStyJNgEWWuCCCc6qIrQiw/vMfCch0A3HR1S9Xqg/oF2UjsFzGFIQjQq/zMSf0BJ/KNlq+
Cc: hybi@ietf.org
Subject: Re: [hybi] why did rfc6455 choose the 16-byte sec_websocket_key
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2012 15:04:58 -0000
On Mon, Feb 27, 2012 at 9:38 AM, Juan Li <ruoqiu.lee@gmail.com> wrote: > What kind of security implications? eg., how do that kind of security > problems happen? > The probability of guessing the key is inversely proportional to the number of possible keys. The primary point is to make sure that the server actually speaks the WebSocket protocol, so the security implication would be allowing an attacker to use a WebSocket client (which will run in every browser and be able to connect to any server, since it is not subject to same-origin policy) to attack a non-WebSocket server if he can somehow trick the client into thinking it is a WebSocket server. A smaller key would increase the probability of generating a collision in the Sec-WebSocket-Accept, which means a server that can be made to echo back attacker-controlled values but which does not implement the WebSocket handshake could be made to pass the handshake anyway. Again, this happens once per connection, so the size isn't a significant concern. -- John A. Tamplin Software Engineer (GWT), Google