Talking about Cryptodevices... which one?

Peter Lebbing peter at digitalbrains.com
Wed Feb 4 23:07:18 CET 2015


On 04/02/15 21:44, Matthias-Christian Ott wrote:
> There are enough examples of vendors that introduced government backdoors in
> their proprietary products to come to the conclusion that it is probably not
> a good idea to use proprietary software or hardware if your threat model
> includes government backdoors and you want to defend against them (of course
> that doesn't mean that it is impossible to verify that a proprietary product 
> does not contain a backdoor but it is unarguably a lot harder). So I don't
> know how speculating that a particular vendor of proprietary hardware and
> software implants backdoors in its products does move the discussion
> forward.

What about non-governmental attackers who are able to update your reader
firmware through an evil maid attack or the like? You seem to imply that hacked
reader firmware is necessarily by a government or the manufacturer.

I don't think "it's easier to hack than comparable equipment from competitors"
is a particularly compelling argument, though, to be honest.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list