hackergrrl
commented
10 months ago I thought about it some more, and realized that encrypting the payload length doesn't really help much: a sniffer could determine the length of any single sent payload. So this new commit keeps the u32 length prefix, but doesn't bother encrypting it, shaving 16 bytes off of each payload's overhead.
Prior to this change, messages would have erroneously been limited to 65535 bytes, which was NOT the intention! 😳
I considered using varints for this, but realized that the receiving end would have no way of knowing how many bytes to decrypt in advance, to read the varint.