> Some other people might be thinking "How can can I hack a fake key > attributable to someone else's Google Account" ... so I don't suppose > Google will be in any hurry to disclose the mechanisms ! Of course you're right, but... based on the words given by Google boys - they use only 'domain' section while processing the key from the remote domain. Any ideas - WHY did they combine an username inside the key, too? :) I do believe in their words, but it is a huge security hole - shouting your own key across the Internet (while it is not necessary, as they said) every time you use GM, and everyone would easily sniff it.
It is just a question of time to see the reports "Hey bro, I've bruteforced another's Google account!!!". Back to our sheeps - above was the question of retrieving the "domain" value, but not the "user" one. As for me, yet I see nothing illegal there - the "domain2key" generator is available to everyone, for free and without any known limits. Anyone free to test the process "string2hash" as long as they want - and they'll guess the whole mechanism sooner or later. PS: this one also interesting and related to the subject: http://groups.google.com/group/Google-Maps-API/browse_thread/thread/c84f3b3dfd277e9b/f9e3c5ad3cbda4d7?#f9e3c5ad3cbda4d7 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
