NSA may claim to use AES256 for classified material but we don't really know if that is true for all material or only for selected parts not needing the best protection the agency has. NSA has never been a proponent, at least not a practictioner, of open testing of crypto to assure security. They read those results, file them away and keep quiet about secret inventions. No intel agency has ever disclosed its best stuff, and that is true of most commercially valuable inventions. What you can get is a retail version and a lot of hokum about how good it is and how bad is that of the competition. You don't what's true until a rogue employee breaks away to set a new shop or to get a new paymaster to spread FUD. Reverse engineering is a double-edged sword when you don't know if the purloined product you're investigating was deliberately lofted your way for "independent product testing" in order to assay your own capabilities and stupidities. The open competition for AES had a taint of that, and maybe a couple of hundred cryptographers knew WTF was going on and half of those were blinded by vanity and ignorance of "independence." The NDAs of participants sucked of "trust us." But no official crypto system has ever been free of the odor of suspicion so common are cracks and betrayals as David Kahn amply describes. Multiple layers of protection are presumably used along with obscurity about what they are. Relying on a single crypto system for protection is surely insufficient -- but it does nicely ID itself for scrutiny. End to end is singularly noticeable. Indeed, it should be assumed that any openly discussed infosec system is subject to attacks not made public, particular those which are successful, which no doubt is why NSA does not openly discuss its prowess beyond a few public utterances that are hardly revealing even to infosec connoisseurs. Like the vapidities General Hayden is oozing these days to dull the perceptions of journalists and snoozers on the Hill. To be sure it is likely Hayden knows not much more than he is briefed to know by the crypto and cracking wizards who have always danced circles around DIRNSAs bemedaled up the kazoo to flummox the fleecers. Bobby Ray Inman may have got a little inside the dark box, but none of the others knew any more than they were allowed to know, and much less after the Church hearings. Anybody heard a peep about the current NSA dustup from cpunk's old crypto control nemesis, ex-NSA Counsel Stewart Baker? His predecessor was quoted but not him, and once he couldn't get enough face time. Nearly all infosec standards for military use recommend and/or require the use of tokens or other mechanical gadgets to backup passwords and biometrics which are known to be vulnerable to human weaknesses for sex, drugs, boss hatred and venality. We finally shelled out a few bucks to buy the PGP version which provides a token as a backup for passphrases. Haven't used it yet but the regular alarms about crackability of passphrases suggests there should be more than your too smart by half, too lazy by whole, brain for protection. Settle down, Hettinga, this is only directed at you, you running dog commie bastard.