Even without naming the companies involved, it's very hard to imagine they are inserting backdoors in less-valued products while somehow missing the crown jewels of Windows and TPM.
I keep finding myself in the awkward position of trying to refute conspiracy theories, but not being at liberty to share everything I know about these scenarios (I really need to work somewhere besides DC), so I'll tread lightly.
Taking for granted that the NSA actually backdoored TPM's (which I can assert professionally is very unlikely, but I don't expect anyone to take my word for it), they are far from "crown jewels".
The only "meaningful" large scale use of TPMs is actually within the department of defense. It's been a pretty uphill battle getting them deployed and used in other environments.
You realize that these are exactly the same arguments that were brought up to argue against the details revealed in these documents, so perhaps appeals to authority and use of the words 'conspiracy theories' may be taken with a few more grains of salt. NSA backdoors have been alleged for decades now, and the response is always that they're a 'conspiracy theory'.
"I keep finding myself in the awkward position of trying to refute conspiracy theories, but not being at liberty to share everything I know about these scenarios"
There are things I want to say about that sort of thinking, but I am afraid to say them. What a wonderful world...
Disagree. Over the medium term, TPMs (which message board geeks have been unhelpfully demonizing for years) are part of a system of technologies that could make laptop encryption much harder to break. Laptop encryption is a real operational challenge for both HUMINT and law enforcement.
No, but now we cannot just assume that cryptosystems are being developed in good faith or that mistakes are not actually covert sabotage. We need to check these systems before we put our trust in them.
m0nastic|12 years ago
Taking for granted that the NSA actually backdoored TPM's (which I can assert professionally is very unlikely, but I don't expect anyone to take my word for it), they are far from "crown jewels".
The only "meaningful" large scale use of TPMs is actually within the department of defense. It's been a pretty uphill battle getting them deployed and used in other environments.
gamble|12 years ago
betterunix|12 years ago
There are things I want to say about that sort of thinking, but I am afraid to say them. What a wonderful world...
tptacek|12 years ago
tptacek|12 years ago
betterunix|12 years ago
coldtea|12 years ago