undefined | Better HN

0 pointsdeong12y ago0 comments

> Same user experience without exposing private data.

Google also knows your Google account password. If you can decrypt the data using any deterministic function of your Google password, then so can Google, so there's no additional security gained. They probably already store your wifi password encrypted -- it's just when the device asks for it, Google decrypts it and sends it back to you. So in all likelihood, they're already doing what you want.

They could have done it by asking the user to provide a new unique password that would have to be entered on each new device. That would provide additional security as only the device could decrypt the password. However, (a) because such a password would only be used once or twice a year at most, no one would remember it and the whole feature would be useless, and (b) you still have to trust Google to not send the password after the device decrypts it, and if you trust the OS vendor to not backdoor the OS, you might as well trust them to not backdoor their own servers to access the same data.

0 comments

4 comments · 1 top-level

DougWebb12y ago· 3 in thread

Google also knows your Google account password. If you can decrypt the data using any deterministic function of your Google password, then so can Google, so there's no additional security gained.

Probably, but not necessarily. All they need to know is the hash of your password. When you set up a new device, it can call out to Google to authenticate without sending a cleartext password (similar to HTTP's Digest auth). Once you've authenticated and retrieved your encrypted settings, the password can be used locally to decrypt the settings. The password never has to leave the device.

If they haven't done it this way (and unless the article's author knows something, I don't think you can tell if they're doing it this way or not from observed behavior) they're either (a) lazy or (b) nefarious. I'm guessing lazy, since that's the reason for most developers who implement poor security... they just don't spend enough time thinking about security of the features they're working on.

CJefferson12y ago

With your design, a user with a lost password also loses all their data. While that might be better from a security perspective, I can't remember the last time I used a system that did not keep all my data when I set a new password, without having the old one. Such a thing would annoy many users.

teraflop12y ago

Not all their data, necessarily, just sensitive stuff like passwords.

deongOP12y ago

True, but I was thinking more along the paranoid lines of someone who would think it was a huge scandal that Google might know your wifi password. If you distrust Google enough to be really worried about that, then I'm not sure why you'd trust an Android phone or a Chrome browser to not capture your plaintext password. There are all sorts of ways that Google might have access to your password, but those are a couple of ways in which they must. It's only trust that lets most of us not worry about it.

j / k navigate · click thread line to collapse