Not to forget, there's some speculation in the more tinfoil-hatty segments that the NSA may have supplied algorithms that are "pre-weakened". Seems unlikely, but with everything that has been coming out lately, perhaps not to be dismissed out of hand so quickly.
IIRC, it was confirmed (by Snowden?) that the NSA had weakened a random number generator used by some OS (Windows?) to generate keys in some popular crypto protocol (https?). The numbers were drawn from a smaller domain than clients expected, making the keys easier to find by brute force.
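The mechanism described in the comment above (keys drawn from a smaller domain than the caller expects) is easy to demonstrate on a toy. The following is an added example, not code from the thread and not a model of any real generator: it assumes a constructed DRBG that expands an integer seed into a 128-bit key, and assumes the seed is only ever taken from a 16-bit range. The point is that the nominal key length says nothing about the work factor once the entropy feeding the generator is small; a defender who can reproduce the generator can also measure how small that space really is.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumed parameters for this demo (not taken from the thread):
NOMINAL_KEY_BITS = 128   # what the client believes it is getting
SEED_BITS = 16           # entropy the (constructed) generator actually draws on


def expand_seed(seed: int, length: int = NOMINAL_KEY_BITS // 8) -> bytes:
    """Toy deterministic DRBG: expand a 32-bit integer seed into `length` key bytes.

    SHA-256 is used purely as a stand-in expansion function; the flaw modelled
    here is not in the hash but in how few distinct seeds ever reach it.
    """
    return hashlib.sha256(b"toy-drbg|" + seed.to_bytes(4, "big")).digest()[:length]


def weak_generate_key(seed_bits: int = SEED_BITS) -> bytes:
    """Generate a key the way the weakened system would: random seed, but only
    from a 2**seed_bits domain. The caller sees a full-length key and nothing
    about the reduced seed space."""
    seed = secrets.randbelow(1 << seed_bits)
    return expand_seed(seed)


def effective_key_bits(seed_bits: int, nominal_bits: int = NOMINAL_KEY_BITS) -> int:
    """The real search space is bounded by the entropy that went in, not the
    key length that came out."""
    return min(seed_bits, nominal_bits)


def recover_key_from_tag(message: bytes, tag: bytes,
                         seed_bits: int = SEED_BITS) -> Optional[Tuple[int, bytes]]:
    """Audit check: given one observed HMAC tag over a known message, enumerate
    the whole seed domain and return (seed, key) if a seed reproduces the tag.

    A result proves the generator's keys are enumerable; None means the key was
    not produced from a seed in the assumed domain.
    """
    for seed in range(1 << seed_bits):
        candidate = expand_seed(seed)
        guess = hmac.new(candidate, message, hashlib.sha256).digest()
        if hmac.compare_digest(guess, tag):
            return seed, candidate
    return None


if __name__ == "__main__":
    # Constructed scenario: the system issues a key, uses it to tag a message,
    # and the auditor checks whether the key is recoverable from that tag alone.
    msg = b"constructed sample message"
    key = weak_generate_key()
    observed_tag = hmac.new(key, msg, hashlib.sha256).digest()

    print(f"nominal key size : {NOMINAL_KEY_BITS} bits")
    print(f"effective size   : {effective_key_bits(SEED_BITS)} bits "
          f"({1 << effective_key_bits(SEED_BITS)} candidates)")

    found = recover_key_from_tag(msg, observed_tag)
    print("key recovered    :", found is not None and found[1] == key)
```

Running it shows the 128-bit key falling to a search over 65,536 candidates in well under a second. The same enumeration is the check to run against any generator you suspect of drawing from a restricted domain: if you can rebuild the keys from the seed space, so can anyone else who knows the generator.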