[5576] in cryptography@c2.net mail archive
Microsoft passport
daemon@ATHENA.MIT.EDU (Justin F Chapweske)
Sun Sep 12 18:36:16 1999
Date: Sun, 12 Sep 1999 15:58:30 -0500 (CDT)
From: Justin F Chapweske <chapwesk@zeus.ulysses.net>
To: cryptography@c2.net
You may be recieving this twice, but I got a bounce last time I tried to
send it....
Anyway, I am writing a program to do distributed dictionary attacks
against CRAM style authentication and was attempting to enumerate all
protocols that used CRAM and I ran across a new auth mechanism
that MS is using for single sign-on to hotmail and Microsoft
Money and some other MSN sites..its called Microsoft Passport....I
searched all over Microsoft's site for technical information on it so that
I could evaluate it for weaknesses. So the question is:
Does anyone have any technical details on Microsoft Passport?
I would greatly appreciate them as I would enjoy throwing more mud in
Microsoft's eye.
-Justin Chapweske
