[halJordan]

It's because tpms are small and have small storage. The outrageous "its a secret cabal" voices are a prime example of what people cook up when faced with something they cant explain due to ignorance but feel the need to have an answer. Its as outrageous as a Republican saying "Q did it."

[Dylan16807]

Wondering if something was requested by law enforcement isn't implying a cabal, chill.

Also a couple kilobytes of flash costs basically nothing. And you could hash keys over a certain length, which is much better than having such a short limit on a human-typed string.

[bootsmann]

A couple of kilobytes of flash also doesn't come with the protections the tpm offers (or at least is supposed to offer, considering the article in the OP)

[jasonjayr]

Sure they are small little embedded chips, supposedly physically hardened from tampering.

but argon2($string_of_any_length) should produce a fixed-length byte string, no?

[LawTalkingGuy]

And if they aren't using such a password library, what other errors are likely?

Timing attack on the character of the pw which failed?

[salawat]

If you'd like to provide schemata, open standards and source code for them, then don't keep the class waiting.

Don't/can't? Then you're a fool trusting someone else to do something you yourself cannot inspect. Then again, most people seem to be oddly fine with that. I am not of that number.

[intelVISA]

as a 1337 pwn3r the TPMs are fine

source: just trust me bro