[tor-commits] [meek/master] Reduce meek-server minSessionIdLength from 32 to 8.

[dcf at torproject.org]

commit c8f2dd1e6717b7fd4f3b96874a68dde9151411b3
Author: David Fifield <david at bamsoftware.com>
Date:   Thu Dec 25 21:27:51 2014 -0800

    Reduce meek-server minSessionIdLength from 32 to 8.
    
    Relevant to #12778, we can reduce the size of requests by reducing the
    length of the Session-Id. Note that minSessionIdLength in meek-server is
    the encoded length. In base64, 8 characters represents 6 bytes or 48
    bits. There would have to be about 2^24 simultaneous sessions to have a
    probability of collision more than half, so it still seems safe.
---
 meek-server/meek-server.go |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go
index 669f329..2f67ae4 100644
--- a/meek-server/meek-server.go
+++ b/meek-server/meek-server.go
@@ -34,7 +34,7 @@ const (
 	// Reject session ids shorter than this, as a weak defense against
 	// client bugs that send an empty session id or something similarly
 	// likely to collide.
-	minSessionIdLength = 32
+	minSessionIdLength = 8
 	// The largest request body we are willing to process, and the largest
 	// chunk of data we'll send back in a response.
 	maxPayloadLength = 0x10000