From 7ca13bc6025b46161b85dc8153c161dd16fcfd0a Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 22 Apr 2024 15:40:03 -0700 Subject: [PATCH] Minor fixes Signed-off-by: Tommy --- content/posts/linux/ChromeOS Questionable Encryption.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/posts/linux/ChromeOS Questionable Encryption.md b/content/posts/linux/ChromeOS Questionable Encryption.md index 7752ca5..ac968e4 100644 --- a/content/posts/linux/ChromeOS Questionable Encryption.md +++ b/content/posts/linux/ChromeOS Questionable Encryption.md 
@@ -7,9 +7,9 @@ author: Tommy ## How ChromeOS Encryption Works -ChromeOS encrypts user data on the disk by default. The encryption key is protected using a number of factors, which is documented in the [ChromeOS Documentation](https://www.chromium.org/chromium-os/chromiumos-design-docs/protecting-cached-user-data/). +ChromeOS encrypts user data on the disk by default. The encryption key is protected using a number of factors, which is documented in the [ChromeOS Documentation](https://www.chromium.org/developers/design-documents/tpm-usage/#TOC-Protecting-User-Data-Encryption-Keys). -Essentially, the user's Google account password, when typed into the Chromebook (with the TPM and what-not intact), will give the encryption key to unlock their files. As such, for confidentiality, it is important that the user's Google account password is never exposed to an attacker. If the threat model requires protection against Google or an attacker who has compromised their servers, the password should be hashed client side before being sent to Google's server. +Essentially, the user's Google account password, when typed into a the Chromebook with the security chip intact (be it the TPM, Titan C, or some other chips), will give the encryption key to unlock their files. As such, for confidentiality, it is important that the user's Google account password is never exposed to an attacker. If the threat model requires protection against Google or an attacker who has compromised their servers, the password should be hashed client side before being sent to Google's server. ## What Happens in Practice 
@@ -17,10 +17,10 @@ I was a bit curious as to whether any client side hashing is done when you log i ![Google Login](/images/google-login.jpg) -As you can see in the screenshot, the login password is submitted directly to Google's server. +As you can see in the screenshot, the login password "mygloriouspassword" is submitted directly to Google's server as part of the payload. ## What This Means -Essentially, this means that if Google is malicious, coerced by the government, or is hacked, their server can record the user password prior to it being hashed. That password can then be used to gain access to the files on the hardware when the attacker gains physical access. +Essentially, this means that if Google is malicious, coerced by the government, or hacked, their servers can record the user password prior to it being hashed. That password can then be used to gain access to the files on the hardware when the attacker gains physical access. Just to be clear here, this is not a vulnerability, it's just how the system is designed. \ No newline at end of file
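Review bot: In the first hunk (@@ -7,9 +7,9 @@), the rewritten sentence reads "typed into a the Chromebook", which has a stray article; drop either "a" or "the". In the same added line, "be it the TPM, Titan C, or some other chips" should end in the singular "some other chip" to agree with "the security chip". The link target also changes from the protecting-cached-user-data design doc to the tpm-usage page with the anchor #TOC-Protecting-User-Data-Encryption-Keys. That swaps the cited reference rather than correcting a typo, so it deserves a mention in the commit message, which currently says only "Minor fixes".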
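Review bot: In the second hunk (@@ -17,10 +17,10 @@), the file still ends with "\ No newline at end of file" after the closing context line; since this commit already edits the last section, add the trailing newline here. The added sentence quoting "mygloriouspassword" depends entirely on the screenshot for that value, while the image's alt text is only "Google Login"; a more descriptive alt text would let the claim stand when the image does not load. The unchanged closing line "this is not a vulnerability, it's just how the system is designed" is a comma splice and could be fixed in the same pass, for example with a semicolon.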