You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If HTTP compression is enabled on the server, it might be possible that the use of chaff could be detected by observing the compression potential of valid vs chaff responses.
For example, if a valid response is 64 bytes of JSON text, that will likely compress to a significantly smaller size than 64 bytes of data with a higher degree of entropy. So, if the tracker is recording the response payload size prior to the application of compression by the server, the corresponding implications from data compression will not be accounted for when generating the chaff response size.
I wanted to toss this out there as a possible idea just in case it was overlooked. Happy to talk it through further if you'd like. :)
The text was updated successfully, but these errors were encountered:
If HTTP compression is enabled on the server, it might be possible that the use of chaff could be detected by observing the compression potential of valid vs chaff responses.
For example, if a valid response is 64 bytes of JSON text, that will likely compress to a significantly smaller size than 64 bytes of data with a higher degree of entropy. So, if the tracker is recording the response payload size prior to the application of compression by the server, the corresponding implications from data compression will not be accounted for when generating the chaff response size.
I wanted to toss this out there as a possible idea just in case it was overlooked. Happy to talk it through further if you'd like. :)
The text was updated successfully, but these errors were encountered: