Currently the padding takes only one random char and duplicates it to pad the DNS request payload. Ideally, each padding char should be randomized and the payload should also fill up to the MAX size of the DNS request size allowed, such that all DNS queries received are the same size MAX. This is to deter statistical analysis of the HTTPS payload for short domains such as foo.com versus really-long-domain-name-here.com. Here is some sample code to fix the current padding issue that can be patched up a little and integrated back to resolve the current problem. You can also see the sample output of the current versus the new solution. The padding is also updated to include the allowed padding chars for the Google DNS over HTTPS API.
```go
package main

import (
	"fmt"
	"math/rand"
	"strings"
	"time"
)

// Characters the Google DNS-over-HTTPS API accepts in its padding value.
const padChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~"

func main() {
	/* BAD PADDING: one random letter repeated a random number of times */
	fmt.Printf("%s", "BAD: ")
	fmt.Printf("%s", strings.Repeat(string(rune(65+rand.Intn(26))), rand.Intn(500)))

	/* BETTER PADDING: every character drawn independently, fixed length */
	initRand()
	fmt.Printf("\n\n%s", "BETTER: ")
	fmt.Printf("%s\n", getPaddedStr(500))
}

// getPaddedStr returns n characters, each chosen independently from padChars.
func getPaddedStr(n int) string {
	s := make([]byte, n)
	for i := range s {
		s[i] = padChars[rand.Intn(len(padChars))]
	}
	return string(s)
}

// initRand seeds the generator so each run produces different padding.
func initRand() {
	rand.Seed(time.Now().UnixNano())
}
```
```
$ go run test.go
BAD: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

BETTER: SdS8ZICmhenQ6F1ILVG.Z959tj223~bWK-oo0sqd.K-uy5vwZAeSAeWRuvhgwXIH8-jBqRWmPCrfXpEv-f4K-x538W-yFhrTebczuZ0I2pH5AwM_opFztlek0cFb_~noZKWHeRwMJSUs3D~nIMqS-.yMge3ix610kygd2nSWTm736eGbFkOa5x_PjCNkTn7zqe47s44WgChnnSV6-IyuDJMM1aUYYT3OroObdkD8-chcM2TfPOLdZ61qmpaz_GYmz2FaLmBXCghp06~oNFIfv413LZC2M.BJpcW~HJ0Gp2vbLn5IAJ7GAwctodLXUxH4b12xrC3PCXGUJW3YKlP_VAnONcf3NSTdWTjpNqp1oEemKEUegaRqUWatpoy463mzMx~-oFD2yD28PRt.I-yJv0v8TEnQVc6K32ZY88lwKEgT-2jFMVhLwFt7dLrb-P7VX0kurl0Wx7iUleqpNEx4h71HfMpyslGEyx.8iYMrcigmBk1KJ306
```
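The fixed-size padding the issue asks for, as an added example that is not the issue's or the project's code: the padding length is computed so the whole request URL reaches a constant maximum, so `foo.com` and a long name produce identically sized requests. It assumes Google's JSON endpoint `https://dns.google/resolve` with its `random_padding` parameter, a constructed 512-byte target, and uses `crypto/rand` in place of the seeded `math/rand` above.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"net/url"
)

// padChars is the set the issue lists as allowed in Google's random_padding.
const padChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~"

// randomPadding returns n characters, each drawn independently from padChars
// with crypto/rand, so a padding run never repeats a single byte.
func randomPadding(n int) (string, error) {
	s := make([]byte, n)
	mod := big.NewInt(int64(len(padChars)))
	for i := range s {
		r, err := rand.Int(rand.Reader, mod)
		if err != nil {
			return "", err
		}
		s[i] = padChars[r.Int64()]
	}
	return string(s), nil
}

// paddedQueryURL builds the resolve URL for name/qtype and pads it to exactly
// maxLen bytes; a query that already exceeds maxLen is an error, not truncated.
func paddedQueryURL(base, name, qtype string, maxLen int) (string, error) {
	q := url.Values{}
	q.Set("name", name)
	q.Set("type", qtype)
	unpadded := base + "?" + q.Encode() + "&random_padding="
	n := maxLen - len(unpadded)
	if n < 0 {
		return "", fmt.Errorf("query for %q is %d bytes over max %d", name, -n, maxLen)
	}
	pad, err := randomPadding(n)
	if err != nil {
		return "", err
	}
	return unpadded + pad, nil
}

func main() {
	// Constructed names from the issue; both should yield a 512-byte URL.
	for _, name := range []string{"foo.com", "really-long-domain-name-here.com"} {
		u, err := paddedQueryURL("https://dns.google/resolve", name, "A", 512)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-32s -> %d bytes\n", name, len(u))
	}
}
```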
API clients concerned about possible side-channel privacy attacks using the packet sizes of HTTPS GET requests can use this to make all requests exactly the same size by padding requests with random data.
see pforemski#26