
It's also likely that they've got more efficient attacks than the public researchers have, since they have access not only to the public research but also to a set of well-paid brilliant minds who work on these problems every day, and have been for quite some time.

In case people aren't aware, this isn't just hyperbole.

The story of the DES S-Boxes[1] indicates the NSA (actually IBM working with NSA, but still) was roughly 15-20 years ahead of publicly known attack techniques in 1990. I'd imagine the public state of the art is a bit closer now, but there is little doubt they have a big lead.

[1] http://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.27...




There were few reasons for mainstream adoption of cryptography in the early '90s. On-line commerce and communication barely existed. Thus little motive existed for public cryptography research and development. By comparison, militaries of the world had decades of experience. Battles had been won and lost because of cryptography.

The cypherpunk movement[1] of the '90s and the gradual push towards mass adoption of cryptography for on-line commerce led to the NSA attempting to introduce key escrow via the Clipper chip[2] (to enable backdoor access to crypto systems). This plan suffered a quick demise, hastened in part by a serious vulnerability in the scheme being identified by Matt Blaze in '94.

The rate of progress of this movement raised a lot of eyebrows. Crypto currencies were discussed and demonstrated. Julian Assange (and others) demonstrated Rubberhose FS (a deniable encryption system). And if that wasn't extreme enough, Jim Bell started a conversation about the application of cryptography to anonymous crowd-sourced political assassinations (!)...

It should be fairly obvious why the NSA (and more widely, the US government) had concerns. These concerns are still valid today with dual-use crypto-anarchy[3] technology such as Tor and Bitcoin being in common use. One side may be trying to prevent this technology being used by Mexican drug cartels, smugglers, etc. The other side sees greater merit in ensuring that populations in Syria, Iran, China, etc. can bypass government censorship.

It's well worth reading about this era of computing history and all the well known names that were involved[4]. The insight gained will help with forming opinions on current topics, ensuring that both sides of arguments and all consequences are considered.

In summary, I think it'd be fair to say that mainstream reliance on strong cryptography has dwarfed military usage for a number of years now. The threat is also significantly higher to public/commercial entities because a failure of crypto systems in banking, stock exchange, news and on-line commerce could destroy economies. A break of AES, RSA, etc would primarily be kept secret to prevent economies from collapsing -- not so much to maintain an ability to decrypt meaningless chitter-chatter between millions of ordinary people.

[1] https://en.wikipedia.org/wiki/Cypherpunk

[2] https://en.wikipedia.org/wiki/Clipper_chip

[3] https://en.wikipedia.org/wiki/Crypto-anarchism

[4] https://en.wikipedia.org/wiki/Cypherpunk#Noteworthy_cypherpu...



