Marc Haber writes ("Re: wanted: educate us please on key dongles"):
> That's a point, but I cannot validate whether the free hardware
> design running the free software crypto app isn't backdoored anyway due
> to lack of knowledge and expertise.You don't need to be able to validate it personally. The thing spooks most hate is discovery. Backdooring supposedly-free hardware is harder (more costly) because it comes with greater risk of discovery. To put it concretely: if they backdoor all of them, someone (not necessarily you) might notice. (Backdooring only yours involves messing with the shipping arrangements and so on, and supposes that you specifically are of interest.) That's not to say it's perfect (nothing is, in security). But supposedly-free hardware is easier for anyone else to validate and/or audit, and by that measure is less likely to be compromised. How far down the paranoia road you want to go is up to you, but buying an open hardware / libre firmware security device, rather than a proprietary one, has relatively few downsides (esp. compared to other things you might do to reduce your risks). Also of course buying a libre device has other wider benefits. Ian.
