Hi, I've been slowly deploying SSL decryption in my organization and have received concerns that I'm decrypting passwords and other sensitive data for LastPass or 1Password apps. This leads me to my question: do I actually have access to the decrypted data? I can see that traffic is being decrypted, and as I've poked around in the URL filter and traffic logs I haven't seen anything that resembles credentials.
Thanks,
J
The answer is yes and no :)

Since you're decrypting, you can packet capture just about everything. This is why it is good practice to exclude certain sensitive categories (financial, personal, ...) sites from decryption so you don't break any privacy laws.

On the bright side, many sites and security providers have switched to a mechanism that doesn't require an actual password to be sent but rather relies on some hash to match the hash stored somewhere else:

- LastPass's master password actually opens a local database, so no password is ever sent (only the database is synced)
- when logging on to a website you type your password locally, a hash is created locally and transferred, and then the website compares the hash
- a cookie or token can also be stored locally in lieu of a password
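The local-derivation pattern described in the answer above, sketched as an added example (not from the original thread, and not LastPass's or 1Password's actual code). The KDF parameters, field names and sample credentials are assumptions constructed for illustration; the check at the end shows what a decrypting proxy would and would not find in the plaintext login request.

```python
import hashlib
import json

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_vault_key(master_password: str, email: str) -> bytes:
    """Key that unlocks the local database; it stays on the client."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), email.lower().encode(), ITERATIONS
    )


def derive_login_hash(vault_key: bytes, master_password: str) -> str:
    """Separate value sent to the server, which compares it to a stored hash."""
    return hashlib.pbkdf2_hmac(
        "sha256", vault_key, master_password.encode(), 1
    ).hex()


def build_login_request(master_password: str, email: str) -> bytes:
    """Plaintext body as it would appear after TLS decryption (hypothetical fields)."""
    vault_key = derive_vault_key(master_password, email)
    body = {"email": email, "login_hash": derive_login_hash(vault_key, master_password)}
    return json.dumps(body).encode()


def secrets_visible_on_wire(request_body: bytes, master_password: str,
                            vault_key: bytes) -> dict:
    """Report which client-side secrets occur anywhere in the decrypted request."""
    return {
        "master_password": master_password.encode() in request_body,
        "vault_key": vault_key in request_body
        or vault_key.hex().encode() in request_body,
    }


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    password, email = "correct horse battery staple", "j@example.com"
    request = build_login_request(password, email)
    key = derive_vault_key(password, email)
    print(request.decode())
    print(secrets_visible_on_wire(request, password, key))
```

The derived login hash is still visible in the decrypted request, so captures and logs from the decryption device should be handled as sensitive data.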