this is pretty amusing reading: http://s3.documentcloud.org/documents/844508/nsas-talking-points-for-holiday... "NSA does not and will not demand changes by any vendor to any product, nor does it have any authority to demand such changes." - NSA Spin TRANSLATION: "We pay above market rates[0] to our corporate partners for embedded vulns goddamnit!" - NSA Truth 0. $10,000,000 to backdoor all of RSA's BSafe customers and cheer lead Dual_EC_DRBG through approval it seems. http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C22... let's not get into the standards bodies[1] yet, they're a little raw right now :o 1. "Critics: NSA agent co-chairing key crypto standards body [IETF CFRG] should be removed" http://arstechnica.com/security/2013/12/critics-nsa-agent-co-chairing-key-cr...