locked
UAG Endpoint Detection hashing function inputs and algorithm RRS feed

  • Question

  • Hi,

    Can anybody confirm which hashing algorithm is used for the UAG endpoint detection checks - this is used to generate a hash value at the end of all the data sent back in SetPolicy.asp.

    We're still trying to find a solution to be able to performance test the UAGs and are currently looking at including the hashing algorithm in our LoadRunner script.

    Jason Jones did say that Microsoft wouldn't be willing to share the actual code used to generate the hash, but I've been advised that we could ask for confirmation of which algorithm is being used (e.g. SHA-1), what inputs are used (we believe this to be a cookie value and a Nonce value) and in what format (e.g. are they separated by a space, comma, etc).

    Any help would be greatly appreciated.

    Regards, Amit

    Thursday, May 26, 2011 11:20 AM

All replies

  • Jason Jones did say that Microsoft wouldn't be willing to share the actual code used to generate the hash, but I've been advised that we could ask for confirmation of which algorithm is being used (e.g. SHA-1), what inputs are used (we believe this to be a cookie value and a Nonce value) and in what format (e.g. are they separated by a space, comma, etc).

     

    To be clear, I haven't specifically gone to CSS or the product group and asked for this information; I just expect/assume they would be unwilling to share how they specifically protect against detection spoofing ;)


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Friday, May 27, 2011 12:54 AM