[icq-devel] Authorization cookie



Alexandr V. Shutko AVShutko at mail.khstu.ru
Tue Dec 18 12:13:43 CET 2001


Hello Robin,
Tuesday, December 18, 2001, 8:11:55 PM, you wrote:

RF> I'm 99.99% sure the cookie is just a length of random data, that the server
RF> uses to make sure the client that got authorised is the one that connects 
RF> to the secondary server.
Yes... I think that it is random data too... But I'm using 2 MD5 hash
sums (for 2K random data) + uin (as text) so the resulting cookie looks like:
6218895BfiX7a3D8B09B:e01c261DcaD41B5BWlBa8cDc95277e970697;D8ia9
6218895BDa5e3Betef8ac9a8wx03ae11e9;D1a981afbDc84B7c0BBi2
621889501a2Oea5c5fa6BBOB6O0485f1DU18BB2DJVa6c8c5DBc6B3=EM9Be9

It works fine..
RF> I've done some tests with a person ICQ server I wrote, and if you send a 
RF> cookie to the ICQ client of only 1 byte, or more than 256 bytes, it just 
RF> passes it on like normal.

RF> As to storing data in it, why bother, it'd be too much effort to encode it 
RF> as well as to make it seem random, and the data can be securely passed 
RF> directly from the auth server to the regular server much more easily..
you are right... :)


RF> At 07:29 PM 17/12/2001 -0800, you wrote:
>>Those don't sound like valid cookies, then.  It's not even possible to have
>>a 1-byte cookie, because too much vital information would be missing then
>>that the server needs to use.
>>
>>
>>Gambit
>>
>>----- Original Message -----
>>From: "Alexandr V. Shutko" <AVShutko at mail.khstu.ru>
>>To: "Massimo Melina" <icq-devel at blipp.com>
>>Sent: Monday, December 17, 2001 7:20 PM
>>Subject: [icq-devel] Authorization cookie
>>
>>
>> > I found that client accepts auth cookie with sizes from 1 byte to
>> > 1024... :) Do you have any ideas how the AOL server produces it ?
>> > I'm a newbie with V7 proto... Have you ever seen packets with
>> > cookie_len != 256 ?
>>
>>
>>-------------------------------------------------
>>icq-devel - The forum for ICQ protocol discussion
>>For unsubscribe and other mailing list info, see:
>>http://www.d.kth.se/~d95-mih/icq/icq-devel/

RF> ------------------------------------------------------------
RF> If vegetarians eat vegetables, what do humanitarians eat?
RF> ------------------------------------------------------------




-- 
With respect,
Alexandr V. Shutko                           mailto:AVShutko at mail.khstu.ru
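
The handoff discussed in this thread (an opaque random cookie issued at authorisation and checked again by the secondary server), sketched as an added example; it is not code from any poster or from the real ICQ servers. `CookieStore`, the 30-second lifetime, the single-use rule and the UIN `1000001` are assumptions made for illustration.

```python
import hashlib
import secrets
import time

COOKIE_LEN = 256   # the length the thread reports seeing; other lengths work the same way
COOKIE_TTL = 30.0  # assumed lifetime in seconds, not a protocol value


class CookieStore:
    """Hypothetical state handed from the auth server to the secondary server."""

    def __init__(self, ttl=COOKIE_TTL, clock=time.monotonic):
        self._pending = {}  # sha256(cookie) -> (uin, expiry)
        self._ttl = ttl
        self._clock = clock

    @staticmethod
    def _key(cookie):
        # Index by digest so the raw cookie is never kept or compared byte by byte.
        return hashlib.sha256(cookie).digest()

    def issue(self, uin, length=COOKIE_LEN):
        """Auth server side: mint an opaque random cookie for an authorised UIN."""
        cookie = secrets.token_bytes(length)  # CSPRNG output, no data encoded inside
        self._pending[self._key(cookie)] = (uin, self._clock() + self._ttl)
        return cookie

    def redeem(self, presented):
        """Secondary server side: return the UIN once; None if unknown, reused or expired."""
        entry = self._pending.pop(self._key(presented), None)
        if entry is None:
            return None
        uin, expiry = entry
        return uin if self._clock() <= expiry else None


def demo():
    now = [0.0]
    store = CookieStore(clock=lambda: now[0])  # constructed clock so expiry can be shown
    cookie = store.issue("1000001")            # constructed UIN
    first = store.redeem(cookie)               # the authorised client connects
    replay = store.redeem(cookie)              # the same cookie presented again
    forged = store.redeem(secrets.token_bytes(COOKIE_LEN))
    stale = store.issue("1000001")
    now[0] += COOKIE_TTL + 1                   # lifetime passes before connecting
    return first, replay, forged, store.redeem(stale)
```

Because the cookie carries no data of its own, the UIN and expiry live only in the server-side table, which matches the point above that the data can be passed directly between the servers.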




