chromium-os

Differences

This shows you the differences between two versions of the page.

chromium-os [2010/12/06 23:48] cedric   chromium-os [2010/12/06 23:53] cedric
Line 3: Line 3:
   * people can fully use Chromium OS without needing a Google login (fine);   * people can fully use Chromium OS without needing a Google login (fine);
   * plan to give SSO experience at OpenID relying parties;   * plan to give SSO experience at OpenID relying parties;
-  * user name will be hashd HASH(salt||user@domain.com). Web-based user name may contain characters that are not safe for use on the file system (nice side effect for the security).+  * user name will be hashed HASH(salt||user@domain.com). Web-based user name may contain characters that are not safe for use on the file system (nice side effect for the security).
  
 ====== Security ====== ====== Security ======
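Review bot: On the changed bullet, the spelling fix is fine, but the line still leaves HASH(salt||user@domain.com) unspecified: it names neither the hash function nor where the salt comes from (per device or per user), which a reader needs in order to judge the "nice side effect for the security" remark. The two sentences also read in reverse order; suggest giving the reason first (web-based user names may contain characters that are not safe on the file system), then the hashed form, and changing "user name will be hashed" to "user names will be hashed".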
Line 15: Line 15:
     * Google plan is to use a 8192-bit RSA key with SHA-512 for the root key signatures (NIST recommends the use of RSA 2048/SHA-256 or higher as the signature algorithm for use after 12/31/2010);     * Google plan is to use a 8192-bit RSA key with SHA-512 for the root key signatures (NIST recommends the use of RSA 2048/SHA-256 or higher as the signature algorithm for use after 12/31/2010);
     * signin keys will change offently (Google plan to use 1024-bit RSA keys which provides a good speed/performance trade-off);     * signin keys will change offently (Google plan to use 1024-bit RSA keys which provides a good speed/performance trade-off);
 +
 +
 +//
 +The image encryption key for the dm-crypt device is generated randomly during setup using the randomness generator provided by the kernel, and if supported, seeded by a hardware random number generator. It is then encrypted with a partial cryptographic hash derived from the user's Google Accounts password and stored with the encrypted image on the underlying file system. On login, the encryption key is decrypted, and the encrypted image is mounted over the user's home directory. If the user's password changes, the image encryption key is re-encrypted with a new weak hash generated from the new passphrase. There are still some outstanding issues around what happens if a user changes her password from a non-Chromium OS machine....//
  
  
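Review bot: The paragraph added after the signing-key bullets is set in italics like a quotation but carries no source link, and it calls the same value a "partial cryptographic hash" in one sentence and a "new weak hash" in another. Please cite where the text comes from and use one term, saying what makes the hash partial or weak, since that hash is what protects the dm-crypt image encryption key. The paragraph covers home-directory encryption rather than signature keys, so it would sit better under its own bullet or heading than appended to this list, and the bare "+" lines before it can be dropped. While this block is being touched, the unchanged line above still reads "signin keys will change offently" and "speed/performance trade-off", which look like "signing keys", "often" and "security/performance".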
chromium-os.txt · Last modified: 2010/12/14 22:37 by cedric