[Development] websockets (was RE: Qt 5.3 Feature freeze is coming quite soon...)

Kurt Pattyn pattyn.kurt at gmail.com
Tue Feb 11 00:03:18 CET 2014


On 10 Feb 2014, at 20:17, Thiago Macieira <thiago.macieira at intel.com> wrote:

> Em seg 10 fev 2014, às 19:54:18, Kurt Pattyn escreveu:
>> Well, this is what I propose: use a delegate class that handles the creation
>> of a random 32-bit number. This would avoid having to subclass QWebSocket
>> just to overwrite the randomiser.
> 
> I don't think we need a class. We just need to make qrand() better.
I suppose you mean in Qt. I will use the following (fixed) implementation for
QWebSocket, leaving the option open to add virtual methods or delegates or whatever
in a later version (if ever needed).
All in all, when running QWebSocket over SSL, this potential problem does not occur.

#include <algorithm>   // std::generate_n
#include <array>
#include <cstdlib>     // std::rand, std::srand
#include <ctime>       // std::time
#include <functional>  // std::ref
#include <random>      // std::random_device, std::mt19937, std::seed_seq

//initialization
#ifdef Q_CC_MINGW
    //cannot rely on the entropy method
    //clang and gcc always return 0 even though the device is non-deterministic
    //Visual Studio always returns 32
    //MingW gcc4.8 always returns 0; it uses rand() instead of the Windows CryptoAPI
    //(this is a bug)
    //if (randomDevice.entropy() < 0.5) {
        //time_t is wider than unsigned int on most platforms; cast to avoid a narrowing warning
        std::srand(static_cast<unsigned int>(std::time(0)));
        auto seeder = std::rand;
    //}
#else
    std::random_device randomDevice;
    auto seeder = std::ref(randomDevice);
#endif
    //fill the complete 624-word engine state, not just a single 32-bit seed
    std::array<int, std::mt19937::state_size> seed_data;
    std::generate_n(seed_data.data(), seed_data.size(), seeder);
    std::seed_seq seq(std::begin(seed_data), std::end(seed_data));

    std::mt19937 randomizer(seq);

//effective use (quint32 is Qt's 32-bit unsigned typedef)
    quint32 randomNumber = randomizer();

I also added the following warning in the documentation:

    \warning To generate masks, this implementation of WebSockets uses a
    \l {http://en.wikipedia.org/wiki/Mersenne_twister}{Mersenne Twister 19937} pseudo random number
    generator, seeded by a sequence of numbers generated by a true random number generator.
    It uses the \l {http://en.cppreference.com/w/cpp/numeric/random}
    {std C++11 random number generation facilities} and more specifically
    \l {http://en.cppreference.com/w/cpp/numeric/random/mersenne_twister_engine} {std::mt19937} and
    \l {http://en.cppreference.com/w/cpp/numeric/random/random_device} {std::random_device}.
    If a random device is not present or if its entropy is lower than 0.5,
    it reverts to the cryptographically weaker \e std::rand() function.
    For more information about the importance of good masking,
    see \l {http://w2spconf.com/2011/papers/websocket.pdf}.
    The best measure against the attacks mentioned in the document above
    is to use QWebSocket over a secure connection (\e wss://).
    In general, always be careful about giving 3rd party scripts access to
    a QWebSocket in your application.

Konrad, people that are really paranoid can use SSL and disallow third-party scripts.
Wouldn't this be sufficient for now, knowing that we can always add functionality
in a later version (whenever required)?

Cheers,

Kurt
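The masking step that the documentation warning above refers to, as an added example (not QtWebSockets code): it seeds std::mt19937 from std::random_device the same way as the non-MinGW branch of the snippet, draws one 32-bit key per frame, and applies the RFC 6455 XOR mask to a payload. The sample payload and the key 0x37fa213d are the "Hello" example from RFC 6455 section 5.7; the function names are assumptions.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <functional>
#include <random>
#include <string>
#include <vector>

// Seed the full 624-word mt19937 state from std::random_device,
// as the non-MinGW branch of the snippet above does.
std::mt19937 makeSeededEngine() {
    std::random_device randomDevice;
    std::array<std::uint32_t, std::mt19937::state_size> seedData;
    std::generate_n(seedData.data(), seedData.size(), std::ref(randomDevice));
    std::seed_seq seq(std::begin(seedData), std::end(seedData));
    return std::mt19937(seq);
}

// One fresh 32-bit masking key per frame (RFC 6455 section 5.3).
std::uint32_t generateMaskingKey(std::mt19937 &engine) {
    return static_cast<std::uint32_t>(engine());
}

// RFC 6455 section 5.3: byte i of the payload is XORed with byte (i % 4)
// of the key, key bytes taken in wire (big-endian) order. The same call
// unmasks, since XOR is its own inverse.
std::vector<std::uint8_t> maskPayload(const std::vector<std::uint8_t> &payload,
                                      std::uint32_t key) {
    const std::array<std::uint8_t, 4> keyBytes = {
        static_cast<std::uint8_t>(key >> 24), static_cast<std::uint8_t>(key >> 16),
        static_cast<std::uint8_t>(key >> 8), static_cast<std::uint8_t>(key)};
    std::vector<std::uint8_t> out(payload.size());
    for (std::size_t i = 0; i < payload.size(); ++i)
        out[i] = static_cast<std::uint8_t>(payload[i] ^ keyBytes[i % 4]);
    return out;
}

// Constructed sample payload: the "Hello" text frame of RFC 6455 section 5.7.
std::vector<std::uint8_t> sampleHello() {
    const std::string text = "Hello";
    return std::vector<std::uint8_t>(text.begin(), text.end());
}

int main() {
    std::mt19937 engine = makeSeededEngine();
    const std::uint32_t key = generateMaskingKey(engine);
    const auto masked = maskPayload(sampleHello(), key);
    return maskPayload(masked, key) == sampleHello() ? 0 : 1;  // round trip
}
```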
