[FoRK] Microsoft Passport

Andy Armstrong andy
Thu Oct 13 10:39:08 PDT 2005

On 13 Oct 2005, at 00:07, reza at voicegenesis.com wrote:
> Based on preliminary observations, it seemed like just a bunch of  
> cookies
> going back and forth and one https POST.  BUT, though I think i've  
> duplicated
> all the appropriate Http and Https traffic (using Apache  
> HttpClient), it's
> not working :-((

Might it be that in the interests of making it invulnerable to replay  
attacks some of the information that's being exchanged is derived  
from hashes of some of the other information? What does the  
authentication data look like - apparently random data that's Base64  

I only have experience of IE's single sign on thing but it might be  

Andy Armstrong, hexten.net

More information about the FoRK mailing list