mask

mask key 是32bits 的 随机数。

防止数据在电线上被监听探测

RFC 4086 [RFC4086] discusses what entails a suitable source of entropy for security-sensitive applications.

The unpredictability of the masking key is essential to prevent authors of malicious applications from selecting the bytes that appear on the wire.

The masking does not affect the length of the "Payload data". To convert masked data into unmasked data, or vice versa, the following algorithm is applied. The same algorithm applies regardless of the direction of the translation, e.g., the same steps are applied to mask the data as to unmask the data.

Octet i of the transformed data ("transformed-octet-i") is the XOR of
octet i of the original data ("original-octet-i") with octet at index
i modulo 4 of the masking key ("masking-key-octet-j"):

 j                   = i MOD 4
 transformed-octet-i = original-octet-i XOR masking-key-octet-j

The payload length, indicated in the framing as frame-payload-length,
does NOT include the length of the masking key. It is the length of
the "Payload data", e.g., the number of bytes following the masking
key.