cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User name Cookie

ulf_thorn222
Inactive

Hi

I'm curious if there's anyone that has had any success in decoding the LTPA cookie that IBM throws around.

Apparently it holds lots of information and should be able to decode (plenty of refs on Google), but I haven't been very successful so far.

If you did get it to play, could you please share the deatils and also what version of LTPA you were using?

5 REPLIES 5

adam_piotrowicz
Dynatrace Pro
Dynatrace Pro

Ulf,

If no one got back to you feel free to share packet example do we can help you with that from scratch.

ulf_thornander3
Inactive

Sent it to you in an email

adam_piotrowicz
Dynatrace Pro
Dynatrace Pro


As:


The LTPA cookie is encrypted with a 3DES key in
DESede/ECB/PKCS5Padding mode. If you are extracting the key from a Websphere or
other IBM server the key is likely protected with a password. The real key is
encrypted also using 3DES in DESede/ECB/PKCS5Padding mode with the SHA hash of
the supplied password padded with 0X0 up to 24 bytes. To decrypt the actual
token you can take the password, generate a 3DES key, decrypt the encrypted key
and then decrypt the cookie data. There is also a public/private key pair being
used to sign the cookie.

it would require HTTP analyzer to be able to read the key end decrypt the data.

Thus this is RFE.

P.S. And of course it has nothing to do with SSL decryption ...

Can do a RFE but how much job is it to get the JAVA decode stuff into the CAS?

As I see it, this cookie turns up at all IBM shops (Websphere, Notes and Webseal) so there "should" be a demand for it. Or am I chasing windmills 🙂 ?

First of all ever, it will be happening on the AMD that will be doing like-SSL decryption of this cookie value using extracted key ...

It's nothing that could be configured or another mechanism adopted to do it.

RFE is the only way in here.