AutobahnJS WAMP CRA issues

#1

We have a fully functional WAMP v2 system with multiple client types. Recently, we undertook adding a webapp based on AutobahnJS and am having some issues connecting to the server. We have multiple clients that are connecting via WAMP v2 CRA with challenge response times less than 1s. AutobahnJS goes through the Hello message cycle just fine, receives the Challenge message, and then the client just hangs, with nothing coming back to the server. I’ve let it run for more than 30 minutes and it just chugs away.

Given the ubiquity with which others appear to be using AutobahnJS, any ideas as to what the problem could be?

Thanks,

Ron

0 Likes

#2

Update on what we’ve found: AutobahnJS assumes SHA256 for CRA hashing functions. We’re using SHA1 for legacy client compatibility. I believe the WAMP spec allows for specifying the CRA encryption mechanism, but I need to review this again.

AutobahnJS does miscalculate the keylength by assuming the length is reported in bytes (keylength in the Callback message is in bits, which is the standard length description for cryptography).

With those changes, we were still seeing far too much time being taken in the hashing function even though it is orders of magnitude less than the initial experience. Looking into the hashing performance of crypto-js reveals that crypto-js is uniquely unsuited compared to other JS cryptography libraries for hashing because it is non-linear in time with regards to key length / number of iterations. Replacing crypto-js with forge for the hashing functionality improved performance of the CRA callbacks to a couple seconds as compared to minutes with crypto-js.

0 Likes