[icq-devel] Authorization cookie

Alexandr V. Shutko AVShutko at mail.khstu.ru
Tue Dec 18 12:13:43 CET 2001

Hello Robin,
Tuesday, December 18, 2001, 8:11:55 PM, you wrote:

RF> I'm 99.99% sure the cookie is just a length of random data, that the server
RF> uses to make sure the client that got authorised is the one that connects 
RF> to the secondary server.
Yes... I think that it is random data too... But I'm using 2 MD5 hash
sums (for 2K random data) + uin (as text) so result cookie look like:

It is work fine..
RF> I've done some tests with a person ICQ server I wrote, and if u send a 
RF> cookie to the ICQ client of only 1 byte, or more then 256 bytes, it just 
RF> passes it on like nomal.

RF> As to storing data in it, why bother, it'd be too much effort to encode it 
RF> as well as to make it seem random, and the data can be securely passed 
RF> directly from the auth server to the regular server much more easily..
you are right... :)

RF> At 07:29 PM 17/12/2001 -0800, you wrote:
>>Those don't sound like valid cookies, then.  It's not even possible to have
>>a 1-byte cookie, because too much vital information would be missing then
>>that the server needs to use.
>>----- Original Message -----
>>From: "Alexandr V. Shutko" <AVShutko at mail.khstu.ru>
>>To: "Massimo Melina" <icq-devel at blipp.com>
>>Sent: Monday, December 17, 2001 7:20 PM
>>Subject: [icq-devel] Authorization cookie
>> > I found that client accepts auth cookie with sizes from 1 byte to
>> > 1024... :) Do you have any ideas how the AOL server produce it ?
>> > I'm newbie with V7 proto... Have you ever seen packets with
>> > cookie_len != 256 ?
>>icq-devel - The forum for ICQ protocol discussion
>>For unsubscribe and other mailing list info, see:

RF> ------------------------------------------------------------
RF> If vegetarians eat vegetables, what do humanitarians eat?
RF> ------------------------------------------------------------

RF> -------------------------------------------------
RF> icq-devel - The forum for ICQ protocol discussion
RF> For unsubscribe and other mailing list info, see:
RF> http://www.d.kth.se/~d95-mih/icq/icq-devel/

With respect,
Alexandr V. Shutko                           mailto:AVShutko at mail.khstu.ru

More information about the icq-devel mailing list