by xnull1guest 4168 days ago
> Even for the NSA the potential of a backdoor is a problem, because every division has to trust the person that has actually generated the points. And as the Dual_EC_DRBG was used by the DoD, this person potentially has the keys to some very sensitive parts of the kingdom.

While this is generally true, it is possible for a person or organization to remove the backdoor by generating their own point and/or by reducing the number of bits generated from curve points at each RNG step (which NIST had pushed for an insecure number of).

I can't claim to know for sure, but it would be my guess that the implementations used at the Federal Reserve, the DoD and other highly sensitive areas of government that use public algorithms are highly vetted to remove known implementation problems and weak parameterizations.
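The two mitigations named in the comment, a self-derived Q and discarding more output bits per step, shown on a toy curve as an added example (not code from the comment or from any standard): the curve parameters, labels and seed are constructed, and the real Dual_EC_DRBG runs on NIST P-256/P-384/P-521 with its own constants.

```python
import hashlib

# Toy curve y^2 = x^3 + A*x + B over F_p (constructed); p = 3 (mod 4) so a square root is one pow().
P_MOD, A, B = 10007, 1, 6
FIELD_BITS = P_MOD.bit_length()  # 14-bit x-coordinates on this toy curve

def ec_add(P1, P2):
    # Affine addition; None is the point at infinity.
    if P1 is None or P2 is None: return P1 or P2
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % P_MOD == 0: return None
    if P1 == P2: lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else: lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def hash_to_point(label):
    # Try-and-increment from a public label: anyone can redo the derivation,
    # so the point was not chosen as d*P for a d known only to its author.
    ctr = 0
    while True:
        h = hashlib.sha256(label + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(h, "big") % P_MOD
        rhs = (x ** 3 + A * x + B) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)  # candidate sqrt, valid when p = 3 mod 4
        if y and y * y % P_MOD == rhs: return (x, y)
        ctr += 1

def dual_ec_step(s, P, Q, drop_bits):
    # One iteration: s' = x(s*P), r = x(s'*Q); output the low FIELD_BITS - drop_bits bits of r.
    t = ec_mul(s, P)
    s_new = t[0] if t else 0
    if s_new == 0: raise ValueError("degenerate state; negligible probability on a real curve")
    u = ec_mul(s_new, Q)
    r = u[0] if u else 0
    return s_new, r & ((1 << (FIELD_BITS - drop_bits)) - 1)

def generate(seed, P, Q, drop_bits, n):
    # Own Q from hash_to_point plus a large drop_bits removes both levers the comment names.
    outs, s = [], seed
    for _ in range(n):
        s, r = dual_ec_step(s, P, Q, drop_bits); outs.append(r)
    return outs
```

Dropping half the field bits per step (drop_bits = FIELD_BITS // 2) costs throughput but leaves an observer far less of each x-coordinate to work with than the spec's 16-of-256 truncation.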