Oh, just this sort of stuff, including the "clipper chip"...
http://www.smh.com.au/articles/2004/10/28/1098667897076.html?oneclick=true
http://www.wired.com/news/politics/0,1283,46816,00.html
http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2002-October/020847.html
http://www.usatoday.com/tech/news/techpolicy/2003-03-31-crypto-rights_x.htm
If you BUY an encryption product (i.e. a USB keychain or a 'convenient' windows solution), are you certain they really did stick to the standard? Every little bit of it? And are you certain that the standard really is "good"? There are a lot of ways to encrypt something with '128 bits' and really only apply 32 or 40 bits' worth to it that are obfuscated beyond belief. Possibly even encoding the data so the key can be 'solved' mathemetically from the 'discarded' portions of an intermediate stage of the encryption/decryption.
Something that's 'approved' by the government (one so keen on spying and prying into people's business) for our use just doesn't give me a warm, fuzzy feeling for some reason. Especially since they have classified forms of encryption for the truly sensitive stuff, and 'public' forms of encryption for the more mundane junk. If a government agency is sending memos back and forth about administrating claim submissions and individual IRS forms, yeah, I bet RSA and SHA are just fine for that from the government's perspective. It invonveniences a few people when that sort of thing is cracked, compared to the 'greater good'.
My primary beef with the security of encryption is mass produced encryption. If there are a hundred million users of exactly the same encryption, it is truly WORTHWHILE for someone to study it, and crack it, including building highly specialised hardware JUST to crack that encryption via brute force, if necessary.
For instance, the SSL encryption used by web pages is supposed to be secure, and elements of it are... but it's actually based on several kinds of encryption, including some VERY weak ciphers. It interoperates with servers around the world, and some countries have even more rigorously narrow guidelines for what constitutes 'legal' encryption than the US does. If you did your taxes with an on-line web service three years ago, and someone between you and the tax site logged the transactions, are those still secure? Will they be secure 20 years from now when you still have the same name, address and social security number, and everyone's joking about how lame 128 bit encryption really turned out to be? Will you be laughing then?
This isn't to say that basic encryption through obscurity is the way to go. It's just that if you're serious about your data's security, then a combination of approaches is needed, so you don't chuck all of your eggs into the same basket, especially a very big basket shared by millions of similarly naive people who could ALL be burned when the encryption is broken (or perhaps they already have been burned). People who crack encryption can't always be relied on to call a press conference and boast about it. Using a combination of methods is slower, but when someone cracks one encryption, they still have securely encrypted data to look at, and (preferably) no way to know what other encryptions were used.
In short, encryption has a life cycle, just as other technologies do. It's not a matter of 'if' encryption will be cracked, it's when. You make your best projections that the data (such as names and credit card numbers) will be invalid by the time cipher is cracked. The strength of the encryption is simply a matter of what's at stake. A little credit card fraud? A little identity theft? Your life's savings? Time in prison? National security? What's at stake? This will tell you what measure of encryption (and inconvenience) is worth applying to your data. For on-line credit card orders through different kinds of web forms, then truly SSL is fine. I wouldn't trust it with standardised on-line tax form submissions to the IRS, all in the same format, times millions, but lots of naive people do. I still send my taxes in on paper, because it's too much trouble to open and scan contents of envelopes, and there are long established felony crimes established for mail tampering. If some individual at a large ISP launches a packet logger on a server that records all submissions to a given set of IP addresses (such as the ones used to submit electronic IRS forms), who will be the wiser? He can't read it now, but what of ten years from now when he dusts off the DVDs he burned and applies the latest photonic or quantum technology (or outright crack) to the problem? I think the peace of mind from buying a registered stamp at the post office and mailing the envelope is worth while.
I do not sleep in the office -- at least in the night, I only take a nap there but I take my laptop with me once I leave the city. I know what you will say. I 'd better avoid boyfriends that live out of the city. I'd say that I 'd better avoid boyfriends generally speaking.