commit c8f2dd1e6717b7fd4f3b96874a68dde9151411b3 Author: David Fifield david@bamsoftware.com Date: Thu Dec 25 21:27:51 2014 -0800

Reduce meek-server minSessionIdLength from 32 to 8.

Relevant to #12778, we can reduce the size of requests by reducing the length of the Session-Id. Note that minSessionIdLength in meek-server is the encoded length. In base64, 8 characters represents 6 bytes or 48 bits. There would have to be about 2^24 simultaneous sessions to have a probability of collision more than half, so it still seems safe. --- meek-server/meek-server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go index 669f329..2f67ae4 100644 --- a/meek-server/meek-server.go +++ b/meek-server/meek-server.go @@ -34,7 +34,7 @@ const ( // Reject session ids shorter than this, as a weak defense against // client bugs that send an empty session id or something similarly // likely to collide. - minSessionIdLength = 32 + minSessionIdLength = 8 // The largest request body we are willing to process, and the largest // chunk of data we'll send back in a response. maxPayloadLength = 0x10000