>My point is; what changes if we knew for a fact it was Russia or that it was someone else?

Is this a serious question?

Sounds serious to me

It's highly unlikely that the people behind an attack like this would come out (non-anonimously) and take credit. And it's unlikely they'll be caught. So does it matter to most peoplee if it's Russians, Americans, Iranians, North Koreans, or some other country?

If you're a 3-letter agency, you'd want to know and potentially arrest them, but as a random guy on the internet, or even a maintainer, I really don't think it matters.

So if it came out that the NSA was attempting to put backdoors in consumer password managers, it wouldn't change the context of the side channel attack? How about if it was a company (like Google)? It seemed like an unserious question because I can't understand how someone would think something like that wouldn't change the situation.

Does the nsa really need that ? 99% of our services are hosted on American servers, which the nsa already has full access.

Why would you steal the key when you're already in the house ?

And for the high profile, like some Iranian scientist who has the code to something important, they wouldn't use things like bitwarden.

I really see no use case when the nsa would need access to your bitwarden vault.

> So if it came out that the NSA was attempting to put backdoors in consumer password managers, it wouldn't change the context of the side channel attack?

Not really, we already know that NSA attempts shit like this all the time, if that came out, it'd be the same as the Snowden leaks meaning, a bunch of nerds going "Huh, who could have predicted this?". I don't see the point in it being Russia, China or the US, I'd like it as much if the US did it as Russia, so that's why I asked why it matters.

for most people, nothing.

for threat intel people, a lot.