swa66 - 8:07 pm on Oct 18, 2012 (gmt 0)
md5 "encrypted". That's a new one.
md5 is a one-way hash function, a quite broken one as well.
Essentially it is a checksum:
You send some values and you calculate the hash of it concatenated with a salt (the "md5key").
The other side knows the values, the salt and can calculate the hash themselves to see if the one you provided is the same as they calculated.
Now there are tricky bits in there:
- e.g. the DATE: they can -to protect against replays not use the date you supply, but the date they know it is
- e.g. using a different order or different salt than they expect is enough to give different results in the hash and them not accepting it at all.
The response you seem to get tells you the hash was rejected.