Is it possible to intercept and decrypt SSL/TLS traffic?

A

Alexey P2018-07-05 15:18:45

Information Security

Alexey P, 2018-07-05 15:18:45

I wanted to make my own authentication for my site. I found several articles that suggest caching the password before sending it to the server. And I suddenly became interested in how other sites transmit my passwords. I looked at three interesting sites Google, Yandex, Bitbucket and saw that they all transmit the password in POST requests in clear text.

How realistic is it to intercept and decrypt encrypted traffic? I read that the Chinese are building IT cities for this, but some cool hacker will not build his own town for this?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

M

Maxim Grishin, 2018-07-05
@vesper-bot

Not "cache", but "hash", and with salt. It might make sense if this hashing was applied over an insecure channel. Sending raw data (password in plain text) via SSL/TLS will not make it possible to intercept and decrypt the traffic (in a reasonable time) sitting on the data channel, so you don’t have to worry about protecting the transmitted text at the L7 level if the connection is protected by strong cryptography on L4.