Count me among the paranoid
Re:"the very, very paranoid"
In 1990 I designed and built a secure access system for one of the Canadian banks. This was used by senior executives and production IT personnel to log into the mainframe system housing the banking system. It was in use by approximately 600 people for more than half a decade. The system passed the bank's internal audits as well as external review prior to implementation. It was never breached, and we never received even a theoretical attack that would breach it.
Since that time, I have spent more than two decades continuing with related research. I believe I could now mount a successful attack on the above system, even though I do not consider myself to be a 'cracker'. Code written by me has been considered sound enough to form part of third-party security research and was even at one point part of a purpose-built secure operating system.
I am, as it goes, one of many, many people with reasonable knowledge and skills in this stuff, but I expect I am in the bottom half of security developers generally and certainly in the lower bounds of the bottom quartile when it comes to cracking.
Given a fraction of the resources available to the NSA and other government agencies, I would not trust the system described against even an attack by me, let alone one by the crafty hackers who keep compromising systems.
It is profoundly difficult to get a secure end-to-end solution when your adversary is an entity like the NSA. I am near certain, for instance, that the key generation available to people likely has a sufficiently limited effective domain that the NSA could crack keys by brute force on the equipment available to them.
I am a developer with some knowledge of this stuff. If I were protecting something valuable enough, I would only use code partially written and entirely compiled by myself, using a compiler for which I had the source code and which I had compiled by a secure method. Given enough time, I would do this under a custom-built OS, and given the resources I would do stuff on a custom chip. I would use conventional encryption, but nested different types, including variants of my own design. I would use a combination of very large keys.
Even with the above, I would not give much of a warranty that a communication could not be hacked by a very well armed adversary.
Maybe I *am* paranoid, but the insistence that small keys are OK when large keys are not much more difficult to implement, the insistence that one layer of encryption is OK when multiple levels are demonstrably more effective and easy to implement, the reliance on a single set of encryption types when numerous combinations are simple enough to implement, and the favoring of AES, a cipher sponsored by a government known to spy on its own citizens... well, you get the idea. I think chances are that a conventionally blessed solution is not much protection at all.
Security is somewhat tangential to my work (I get there via compression and fault tolerance) and I am not nearly as clever as some of the people who spend their time designing and cracking systems. This is not false modesty. If I see weaknesses, you can bet that people who spend their time cracking systems have ways around anything conventional.
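The nesting of different cipher types under separate keys that the comment advocates is easy to get wrong: layers only add strength when every layer gets an independently generated key, and stacking the same stream cipher twice under one key cancels to nothing. The block below is an added example written by the editor, not the commenter's code. It uses only the Python standard library, so there is no AES in it; each layer is a counter-mode keystream built from a different keyed-hash family (BLAKE2b for one layer, HMAC-SHA3-256 for the other), with an encrypt-then-MAC tag over the result. The function names, the key-distinctness check and the nonce layout are the editor's assumptions, not anything from the original post.

```python
"""Cascade (layered) encryption demo with independent keys and an integrity tag.

Editor's example, not the commenter's code. Stdlib only: each "cipher" is a
counter-mode keystream from a keyed hash (BLAKE2b, then HMAC-SHA3-256); the
layout nonce || ciphertext || HMAC-SHA512 tag is an assumption for this demo.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 64


def _ctr_keystream(prf, key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` keystream bytes by running a PRF over
    a 64-bit block counter. `prf(key, data)` returns a fixed-size digest."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += prf(key, nonce + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(out[:length])


def _blake2_prf(key: bytes, data: bytes) -> bytes:
    return hashlib.blake2b(data, key=key, digest_size=64).digest()


def _sha3_prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha3_256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def generate_keys() -> tuple:
    """Three keys drawn independently from the OS CSPRNG: one per cipher layer
    plus one for the MAC. Deriving all three from one short secret would undo
    the point of layering."""
    return os.urandom(32), os.urandom(32), os.urandom(32)


def cascade_encrypt(k1: bytes, k2: bytes, kmac: bytes, plaintext: bytes) -> bytes:
    """Layer 1: BLAKE2b-CTR under k1. Layer 2: HMAC-SHA3-256-CTR under k2.
    Encrypt-then-MAC so tampering is caught before any decryption happens."""
    if len({k1, k2, kmac}) != 3:
        # Distinctness is only a sanity check; independence comes from the generator.
        raise ValueError("cascade layers must use independent keys")
    nonce = os.urandom(NONCE_LEN)
    ks1 = _ctr_keystream(_blake2_prf, k1, nonce + b"\x01", len(plaintext))
    ks2 = _ctr_keystream(_sha3_prf, k2, nonce + b"\x02", len(plaintext))
    ct = _xor(_xor(plaintext, ks1), ks2)
    tag = hmac.new(kmac, nonce + ct, hashlib.sha512).digest()
    return nonce + ct + tag


def cascade_decrypt(k1: bytes, k2: bytes, kmac: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then peel the layers in reverse order."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(kmac, nonce + ct, hashlib.sha512).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: tampered ciphertext or wrong MAC key")
    ks2 = _ctr_keystream(_sha3_prf, k2, nonce + b"\x02", len(ct))
    ks1 = _ctr_keystream(_blake2_prf, k1, nonce + b"\x01", len(ct))
    return _xor(_xor(ct, ks2), ks1)


def same_cipher_same_key_leaks(plaintext: bytes) -> bool:
    """Pitfall: two layers of the same stream cipher under the same key and
    nonce cancel out (ks XOR ks = 0), so the 'double encryption' is the plaintext."""
    key, nonce = os.urandom(32), os.urandom(NONCE_LEN)
    ks = _ctr_keystream(_blake2_prf, key, nonce, len(plaintext))
    return _xor(_xor(plaintext, ks), ks) == plaintext


if __name__ == "__main__":
    k1, k2, kmac = generate_keys()
    msg = b"constructed sample message for the cascade demo"  # constructed input
    blob = cascade_encrypt(k1, k2, kmac, msg)
    assert cascade_decrypt(k1, k2, kmac, blob) == msg
    print("cascade round trip ok; same-key double layer leaks:",
          same_cipher_same_key_leaks(msg))
```

The order of operations matters as much as the number of layers: the tag is checked before either keystream is regenerated, and the two layers are keyed from separate `os.urandom` draws rather than from one password, which is the condition under which a cascade is at least as strong as its strongest component.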