From 1a004c24cd67541fe5f6faa0d066a9ef72703793 Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 22 Apr 2024 15:42:34 -0700 Subject: [PATCH] Minor fix Signed-off-by: Tommy --- content/posts/linux/ChromeOS Questionable Encryption.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/linux/ChromeOS Questionable Encryption.md b/content/posts/linux/ChromeOS Questionable Encryption.md index ac968e4..b275717 100644 --- a/content/posts/linux/ChromeOS Questionable Encryption.md +++ b/content/posts/linux/ChromeOS Questionable Encryption.md @@ -9,7 +9,7 @@ author: Tommy ChromeOS encrypts user data on the disk by default. The encryption key is protected using a number of factors, which is documented in the [ChromeOS Documentation](https://www.chromium.org/developers/design-documents/tpm-usage/#TOC-Protecting-User-Data-Encryption-Keys). -Essentially, the user's Google account password, when typed into a the Chromebook with the security chip intact (be it the TPM, Titan C, or some other chips), will give the encryption key to unlock their files. As such, for confidentiality, it is important that the user's Google account password is never exposed to an attacker. If the threat model requires protection against Google or an attacker who has compromised their servers, the password should be hashed client side before being sent to Google's server. +Essentially, the user's Google account password, when typed into a the Chromebook (with the security chip intact - be it the TPM, Titan C, or some other chips), will give the encryption key to unlock their files. As such, for confidentiality, it is important that the user's Google account password is never exposed to an attacker. If the threat model requires protection against Google or an attacker who has compromised their servers, the password should be hashed client side before being sent to Google's server. ## What Happens in Practice