"Bullshit. One of the most interesting things to come out of the Snowden revelations was the discovery that the NSA doesn't have any secret ways into properly done crypto -- Schneier even noted as much in his interview with Snowden."
I think you missed the whole point: NSA has been secretly beating many crypto you cite for years with a myriad of bypasses. They piled up attacks on applications, OS's, firmwares, and so on. They have it to the point that it's automated with QUANTUM. Linux's fragmentation gave non-mainstream distro's certain protection. I did that directly in previous work in what I called Security via Diversity. Academia has re-discovered that concept and regularly publishes it under banner "moving target." Yet, most people could've been smashed by NSA this entire time without realizing it.
So, after NSA *lost*, they waited for an opportunity. 9/11 provided it. Then, they started tapping the Tier 1 providers, intercepting whole datacenters worth of stuff, covert partnerships with U.S./foreign companies, coercive relationships with FBI support, infiltration of foreign companies/sites, weakening of crypto standards, insertion of 0-day's, deliberately leaving in 0-days, and buying up even more 0-days + attack kits for automated use. The combination of Snowden leaks and Equation Group report show they have utterly been dominating their opponents... without them even knowing... for over a decade.
In short, they went to war on everything (see BULLRUN) in secret, they won enough to create a "golden age of surveillance," and post-Snowden we're launching a new set of battle with new criteria to stop them. That's a... third... fight. Strange how security experts can say a quasi-military organization attacked, hacked, and subverted almost everything in wide use without saying they lost a war to them. They did loose. Many of us told them exactly what they were hitting pre-Snowden given it had to be anything in a system that ran code or could be reached by code (obvious eh?). We were told various things: too paranoid; that's impractical; nobody is reporting those hacks so they aren't happening; FBI & NSA are saying in public they can't do that. And on and on. They talked like they were safe on their FOSS & "secured" Windows boxes while they were getting stomped for years on end.
So, if anyone's calling bullshit, it's me on mainstream INFOSEC industry and security "experts" who didn't see this shit coming despite me outlining it nicely for years. My framework still exists (below) showing all the rigor it takes at every layer to stand a chance at beating them. Secure code or good crypto apps aren't enough. My framework is taken right out of the government's requirements for the ultra-secure systems (Type 1, EAL6/7) they use at most sensitive sites but won't let us have. Want to eliminate risk in your software and stick it to NSA? The opportunity is right there below waiting for your effort.