Sincere question: is the NSA on record for having responsibly disclosed any previous security holes? Is there some track record of them having actively help close security holes in software?
The most famous example is the DES S-boxes, where the NSA made a change that nobody else understood - until years later, when it was discovered that they had made the algorithm more secure against cryptanalysis techniques that had just been "discovered", but which had evidently been known to NSA long before.
To expand on the DES example, the S-boxes are essentially large 'random' lookup tables. The NSA took the S-boxes, and replaced them with their own tables. At the time, it was not clear if this was to protect against an unknown attack, or to introduce an unknown attack (which may involve knowing some secret key used to generate the S-boxes).
The -1 in SHA-1 isn't because it was first. It was meant to be just "SHA", but NSA discovered a flaw in their own standardized hash algorithm soon after they published it and issued SHA-1 as a fixed version.
