I've been asked by the security team how the username/password is encrypted by uaencrypt.exe.
I can see on the docs how to run the tool to encrypt the passwords - but not what type of encryption is used.
Does it use AES256 encryption?
Hi Daniel,
When uberAgent's username encryption is on, the user names are encrypted in a simple way. The aim is to achieve obfuscation and high speed. Last but not least the encryption should be reversible (symmetrical). The encrypted username can be translated to a plain username with a separate tool. So it is not very strong encryption, but good enough for most use cases.
If you need stronger encryption please have a look at what Splunk can do at index time: https://docs.splunk.com/Documentation/Splunk/latest/Data/Anonymizedata
Thanks Dominik,
Does this also apply to the password setting in the CitrixADC_config stanza?
https://uberagent.com/docs/uberagent/latest/features-configuration/citrixadc-monitoring/
I.E it's obfuscated rather than AES256 encrypted?
You're welcome. Yes, this also applies to the CitrixADC_config stanza. Note that uberAgent only needs read permissions for ADCs.