Git-Mirrors/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev.git synced 2025-08-07 22:02:11 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update ChromeOS Questionable Encryption

Browse source
This commit is contained in:
wj25czxj47bu6q 2024-04-25 10:36:51 +00:00
parent 5c17b00a3d
commit 412f740b66
3 changed files with 28 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
content/posts/knowledge/ChromeOS Questionable Encryption/google-login.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 278 KiB

28
content/posts/knowledge/ChromeOS Questionable Encryption/index.md Normal file
View file

@ -0,0 +1,28 @@
---
title: "ChromeOS's Questionable Encryption"
date: 2024-04-25
tags: ['Operating Systems', 'ChromeOS', 'Security']
author: Tommy
---
## Premise
ChromeOS encrypts user data on the disk by default. The implementation details are [documented upstream]("TPM Usage — The Chromium Projects" https://www.chromium.org/developers/design-documents/tpm-usage/#TOC-Protecting-User-Data-Encryption-Keys) but not relevant within the scope of this post.
It is well-known that ChromeOS uses Google account passwords as the primary login credentials. This necessarily means that anyone with knowledge of the Google account password is able to unlock and therefore decrypt a ChromeOS user profile.
## Practical Implications
The very same Google account passwords used for ChromeOS authentication are also used for logging in to various Google services in web browsers and other apps. After a quick investigation with browser dev tools:
![Google Login](google-login.jpg)
…it turns out that passwords are submitted to Google servers in plaintext (see "mygloriouspassword" in the Form Data). As a result, someone with sufficient access to Google's servers would theoretically be able to obtain the actual, unhashed password for a given Google account. It follows that an adversary with physical access would be able to unlock and decrypt ChromeOS user data with cooperation from Google.
This differs from how encryption passwords are handled by other services like cloud‑based password managers — using _client‑side hashing_. Client‑side hashing is a technique to deliberately blind the server from the actual password. As the name suggests, the browser locally executes a cryptographic hash function on the actual password and only transmits the _resultant hash_ to the server for authentication.
## Takeaways
If Google is malicious, coerced by the government, or hacked, their servers can record the user password prior to it being hashed. That password can then be used to gain access to the files on ChromeOS hardware if the adversary gains physical access.
Just to be clear, this is not a vulnerability. It's just how the system is designed.