[Nextgrid]

See my other comment: https://news.ycombinator.com/item?id=31293577

It really depends on what your threat model is and whether you intend to use the TPM to begin with. If not, you really don't care about the security of any cryptography as long as the output is valid enough to satisfy whatever application is using the TPM.

[nonrandomstring]

Creating an adversarial relationship between the user and vendor is a debasement of security principles. Now, Windows is the threat model and that's why "mandating" this was the wrong choice altogether. Microsoft could even have sold this as a feature. The fact that they chose instead to push it on users tells you everything you need to know about the future of users' relationship with their products. The perimeter of my security ends where Microsoft begins.