PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Code

Minor fix

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-04-22 15:42:34 -07:00
parent 7ca13bc602
commit 1a004c24cd
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/linux/ChromeOS Questionable Encryption.md
View File

@ -9,7 +9,7 @@ author: Tommy
ChromeOS encrypts user data on the disk by default. The encryption key is protected using a number of factors, which is documented in the [ChromeOS Documentation](https://www.chromium.org/developers/design-documents/tpm-usage/#TOC-Protecting-User-Data-Encryption-Keys).
Essentially, the user's Google account password, when typed into a the Chromebook with the security chip intact (be it the TPM, Titan C, or some other chips), will give the encryption key to unlock their files. As such, for confidentiality, it is important that the user's Google account password is never exposed to an attacker. If the threat model requires protection against Google or an attacker who has compromised their servers, the password should be hashed client side before being sent to Google's server.
Essentially, the user's Google account password, when typed into a the Chromebook (with the security chip intact - be it the TPM, Titan C, or some other chips), will give the encryption key to unlock their files. As such, for confidentiality, it is important that the user's Google account password is never exposed to an attacker. If the threat model requires protection against Google or an attacker who has compromised their servers, the password should be hashed client side before being sent to Google's server.
## What Happens in Practice