
This is not just about cryptanalysis. The NSA has been deliberately introducing weaknesses into cryptosystems used by the general public. That is beyond keeping cryptanalysis techniques secret, which we all assumed they would do and which few really drew any issue with. We are talking about an honest-to-goodness conspiracy, one that yesterday many would have written off as a conspiracy theory that was not even worth considering.

Basically, what we thought were the rules of the game are not the rules of the game. We thought we knew where we stood with the NSA -- they would try to attack, we would try to defend. Now we need to be thinking of a much different set of rules, one in which the NSA is not just attacking ciphers but also deliberately sabotaging our defense, and doing so covertly. We cannot even assume that mistakes really are mistakes anymore -- they could be the NSA's doing.



Basically, what we thought were the rules of the game

Er... speak for yourself, buddy. If you thought that you could get proper crypto security from a boxed software product then I'd like to offer you a fantastic deal on a bridge.


Do you think you can write one yourself? How many people are actually qualified to do that?

Where do you think one would get proper crypto?


Yes, and I think anyone who is reasonably good at math is qualified to do so. I'm not saying I could build undefeatable crypto, mind; I'd have to spend a year brushing up my number theory before I'd make an attempt and I don't fool myself that I'm smarter than the average NSA analyst, so I might well fail.

But if you want proper crypto and are willing to invest some time in it, I'd say take a strong open source algorithm and then rewrite it. Sure, maybe there's backdoors in the compilers, in the chips, maybe they have quantum computers and there's backdoors in the fabric of reality.

My point is not that I know unbeatably secure crypto, but that I have always assumed the NSA was using any and all means available to defeat crypto, and if you ever thought otherwise you were telling yourself fairy stories.


There is a difference between incompetence / mistakes, which we know to expect from cryptosystems, and deliberate sabotage.


I said nothing about incompetence. Rather, I assume that any commercial product of that kind is compromised, because spies have such an obvious interest in compromising it. I mean, if I were a spy I wouldn't just ask companies to put backdoors in (although I would do that too), I would actively spy on the software companies. I have always assumed powerful intelligence agencies adopted a zero-sum approach to things, because ultimately they are judged on results, not a purity score.



