[FoRK] Microsoft Passport

Andy Armstrong andy
Thu Oct 13 10:39:08 PDT 2005


On 13 Oct 2005, at 00:07, reza at voicegenesis.com wrote:
> Based on preliminary observations, it seemed like just a bunch of cookies
> going back and forth and one https POST.  BUT, though I think I've
> duplicated all the appropriate Http and Https traffic (using Apache
> HttpClient), it's not working :-((

Might it be that in the interests of making it invulnerable to replay  
attacks some of the information that's being exchanged is derived  
from hashes of some of the other information? What does the  
authentication data look like - apparently random data that's Base64  
encoded?

I only have experience of IE's single sign on thing but it might be  
similar.

-- 
Andy Armstrong, hexten.net
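
The replay-resistance idea raised in the reply above, as an added example that is not part of the original thread and does not describe Passport's actual protocol: a generic nonce-based challenge-response in Python showing why resending recorded traffic fails. The names `Server`, `make_proof` and the demo secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def make_proof(secret, nonce):
    """Client side: Base64(HMAC-SHA256(secret, nonce)); looks random on the wire."""
    mac = hmac.new(secret, nonce.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


class Server:
    """Issues a one-time nonce per login attempt and verifies the client's proof."""

    def __init__(self, users):
        self.users = users      # username -> shared secret (bytes)
        self.pending = {}       # nonce -> username, removed on first use

    def challenge(self, user):
        nonce = base64.b64encode(secrets.token_bytes(16)).decode()
        self.pending[nonce] = user
        return nonce

    def verify(self, user, nonce, proof):
        # pop() makes the nonce single-use: a second submission finds nothing.
        if self.pending.pop(nonce, None) != user:
            return False
        secret = self.users.get(user)
        if secret is None:
            return False
        return hmac.compare_digest(make_proof(secret, nonce), proof)


def demo():
    secret = b"constructed-demo-secret"   # constructed sample value
    server = Server({"alice": secret})
    # Legitimate login; assume an observer records the proof.
    n1 = server.challenge("alice")
    captured = make_proof(secret, n1)
    first = server.verify("alice", n1, captured)
    # Recorded bytes resent with the old nonce: it was already consumed.
    replay_same_nonce = server.verify("alice", n1, captured)
    # Recorded bytes resent against a fresh challenge: the hash no longer matches.
    n2 = server.challenge("alice")
    replay_new_nonce = server.verify("alice", n2, captured)
    return first, replay_same_nonce, replay_new_nonce


if __name__ == "__main__":
    print(demo())
```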


