![]() ![]() So the only way for someone to know your password is if they know your password. Chrome stores all the sign-on secrets into the internal database file called Web data in the current user profile folder. that password is encrypted with your Windows password.that password is encrypted with a random password.a random password is generated to encrypt the password.That is because Windows takes care of all of that. You'll notice that i never needed to supply a password. Plaintext: correct battery horse staple.But if i invent a pseudo-language that somewhat can be decipherable as any programming languge, Chrome calls: CryptProtectData( The details of calling it is less important. There is a Windows function, CryptProtectData, which is used to encrypt any arbitrary data you like. Chrome does not have a master key used to encrypt anything. Chrome does not encrypt your passwords itself. Of course i left out the technical details. concatenate the encrypted session key, the encrypted password, and the MACĪnd Chrome saves that blob to its SQLite database.īut to answer your question: Where does the encryption key come from?Įach password is encrypted with a different randomly generated key The Technical Details.generate a Message Authentication Code (HMAC) for the encrypted data. ![]() encrypt the session key with the user's RSA public key. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |