dart-lang / web_socket_channel

StreamChannel wrappers for WebSockets.
https://pub.dev/packages/web_socket_channel
BSD 3-Clause "New" or "Revised" License

Masking is not cryptographically secure #334

Closed danielgrad closed 3 months ago

danielgrad commented 3 months ago

The random number generator used for masking frames is not cryptographically secure:

https://github.com/dart-lang/web_socket_channel/blob/3db86bc0a09e1038a0fa418262c8a92211c5de69/lib/src/copy/web_socket_impl.dart#L28

https://github.com/dart-lang/web_socket_channel/blob/3db86bc0a09e1038a0fa418262c8a92211c5de69/lib/src/copy/web_socket_impl.dart#L508-L514

This is a security concern (CWE-331), and deviates from RFC 6455 section 10.3:

"Clients MUST choose a new masking key for each frame, using an algorithm that cannot be predicted by end applications that provide data. For example, each masking could be drawn from a cryptographically strong random number generator."

brianquinlan commented 3 months ago

This has been fixed in dart:io for over 7 years but it looks like the change never made it here despite the last import being 6 years ago.
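
An added example, not code from web_socket_channel or dart:io: per-frame masking-key generation drawn from `Random.secure()`, shown beside a non-cryptographic `Random()` for contrast, together with the XOR masking from RFC 6455 section 5.3. The names `newMaskingKey` and `mask` and the sample payload are assumptions made for illustration.

```dart
import 'dart:math';
import 'dart:typed_data';

// Hardened source: Random.secure() draws from the platform CSPRNG and
// throws UnsupportedError if no secure source is available.
final Random _secure = Random.secure();

// Weak source, kept only for contrast: the default dart:math generator is
// a fast PRNG that makes no unpredictability guarantee.
final Random _weak = Random();

/// Returns a fresh 4-byte masking key. Call once per frame, never reuse.
/// (Hypothetical helper name, not the package's API.)
Uint8List newMaskingKey(Random rng) =>
    Uint8List.fromList(List<int>.generate(4, (_) => rng.nextInt(256)));

/// RFC 6455 section 5.3 masking: out[i] = data[i] XOR key[i mod 4].
/// Applying it twice with the same key restores the original bytes.
Uint8List mask(Uint8List data, Uint8List key) {
  final out = Uint8List(data.length);
  for (var i = 0; i < data.length; i++) {
    out[i] = data[i] ^ key[i % 4];
  }
  return out;
}

void main() {
  // Constructed sample payload, not taken from the issue.
  const text = 'constructed payload';
  final payload = Uint8List.fromList(text.codeUnits);

  final weakKey = newMaskingKey(_weak); // the pattern to avoid
  final key1 = newMaskingKey(_secure); // one new key per frame
  final key2 = newMaskingKey(_secure);

  final frame1 = mask(payload, key1);
  final restored = String.fromCharCodes(mask(frame1, key1));

  print('weak key:      $weakKey');
  print('frame keys:    $key1 / $key2');
  print('round trip ok: ${restored == text}');
}
```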