oritteropo says... Things are ugly enough as it is. It used to be that if spooks needed your passphrase, they'd sneak in an put a bug in your keyboard... but if they have the private keys to sign replacement firmware for your keyboard then they don't even need to sneak in any more (actually I'm not sure my keyboard even needs signed firmware). I think someone cleverer than me could probably contrive a defense against that particular attack, but I'm not in the habit of checking the integrity of my peripherals, or working in a tempest shielded room. I think strong crypto is probably safe, but in the real world the crypto is hardly ever the weakest link. rebuilder said: @oritteropo I'm hoping it really is mainly procedural means the NSA have. Already before this, I've been operating under the assumption anything I haven't personally encrypted using keys controlled only by me is not secure. Used to be I only went the whole mile when I felt it was necessary, now I'm starting to move as much of my net presence into the dark as I can, out of principle more than any immediate need. But if strong crypto is compromised, as some now worry... Things get ugly.