Re: wanted: educate us please on key dongles
Marc Haber writes ("Re: wanted: educate us please on key dongles"):
> That's a point, but I cannot validate whether the free hardware
> design running the free software crypto app isn't backdoored anyway due
> to lack of knowledge and expertise.
You don't need to be able to validate it personally. The thing spooks
most hate is discovery. Backdooring supposedly-free hardware is
harder (more costly) because it comes with greater risk of discovery.
To put it concretely: if they backdoor all of them, someone (not
necessarily you) might notice. (Backdooring only yours involves
messing with the shipping arrangements and so on, and supposes that
you specifically are of interest.)
That's not to say it's perfect (nothing is, in security). But
supposedly-free hardware is easier for anyone else to validate and/or
audit, and by that measure is less likely to be compromised.
How far down the paranoia road you want to go is up to you, but buying
an open hardware / libre firmware security device, rather than a
proprietary one, has relatively few downsides (esp. compared to other
things you might do to reduce your risks).
Also of course buying a libre device has other wider benefits.