6 Sep
2013
6 Sep
'13
9:41 p.m.
Quoting Andrew McGlashan (andrew.mcglashan@affinityvision.com.au):
It may be hardware and/or software, it may be by government will or other bodies, bottom line is that nothing is safe.
I've been advising for years to be wary of making crypto rely on arcane hardware features. Fortunately, there's no special reason to rely primarily on built-in microcode routines for things like RNGs. And, as to 'commercial encryption', if I'm for some reason obliged to use corporate VPN software and such, I either layer on top of that userspace crypto I have more control over or say/do nothing I wouldn't want on the front page of a newspaper.