Despite the long-lived argument that public review of crypto assures its reliability, no national infosec agency -- in any country worldwide -- follows that practice for the most secure systems. NSA's support for AES notwithstanding, the agency does not disclose its military and high-level systems. It is likely that these agencies are willing to go along with the notion of public review to lull users into depending on the systems made public. If any are breakable, the review will show that, and if the agencies can break them they need not say squat, merely reap the benefits of public ignorance and trust in seemingly unbreakable systems, as with Enigma, Crypto AG, and numerous other historical examples David Kahn describes.

Cryptome's FOI request for NSA documents on when and what it learned about public key (non-secret) crypto from the Brits is now 3 1/2 years old. The agency has said it has relevant documents but has not yet released anything, though some $4,000 has been paid for the search. (Last response from NSA: May 23, 2003, a telephone call from Pamela Philips, FOIA Chief, saying that the request was in the "easy queue," number 45 from the top.) Whit Diffie has said he got hints of PK, or something like it, at NSA. It is not clear from his account whether information on PK was deliberately leaked to him, with or without a restriction of disclosure, or if the breakthrough was truly a phenomenal private effort of Diffie-Hellman-Merkle.

Consider that intelligence agencies are known to run years-long, even decades-long, deception operations, especially about top secret infosec operations, with the goal of deceiving about the strength of infosec systems so that they will be sufficiently trusted to be widely used. Again, Kahn cites numerous examples of such deceptions. The reputations of witting and unwitting participants and institutions are often used to gain trust in these breakable systems.

The weakness of vaunted systems is considered to be more valuable than their strengths. It is imaginable that if AES did not exist it would have to be invented for such a purpose, as with PK, PGP and the notion that public review of crypto is the hen's teeth of assurance. Until national infosec agencies reveal what they know, it does not seem prudent to believe conventional wisdom no matter how often repeated, especially how often repeated.

A 100% safe crypto system is never to be believed; isn't that what always accompanies cryptographers' assurances, for they know better than anyone that snake oil is their No. 1 tool? Snake oil = crypto, which accounts for why the charge is so often hurled, and why snake oil is used to camouflage what is occurring beneath its contemptible obviousness.