For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dubdub's avatar
dubdub
Icon for Nimbostratus rankNimbostratus
Apr 24, 2012

Cookie encryption variability

Hi all,

 

 

This may be a very stupid question... I am encrypting a cookie with a static name and value, but see in the logs that the encrypted value changes with each session. If I am using the same name, value, and passphrase for the encryption across the board, I would have expected the encrypted result to be the same; does "HTTP::cookie encrypt" include other seed factors into the encryption algorithm?

 

 

Thanks,

 

Jen

 

application delivery
dev
devops
iRules

3 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Apr 25, 2012
    Hi Jen,

     

     

    The HTTP::cookie encrypt function does use a salt. So the cipher text should be different for each encryption iteration even with the same plaintext input.

     

     

    Aaron
  • Hem_66900's avatar
    Hem_66900
    Icon for Cirrus rankCirrus
    Aug 19, 2015

    Does any one happen to know what algorithm F5 uses to encrypt cookies.MD5 or SHA