When you say "nobody" you mean actual attackers - obviously researchers attack these things all the time. And you do get practical breaks as a result of breaks in cryptography - WEP is the most famous example.
But WEP is a perfect example. WEP is a protocol which uses RC4 for crypto.
RC4 was a really bad proprietary cipher to use, with well known weaknesses even back then, and with key sizes providing no security margin at all. It is essentially a horrible cipher, and they could have barely chosen a worse one while even pretending they tried.
And yet, even with all such horrible decisions about RC4, the primary problem was still not in RC4. WEP didn't even use RC4 correctly. RC4 only tries to be secure if you don't reuse IVs, otherwise all bets are off. WEP completely ignored that. Mishandling IVs/nonces is not even anything obscure - it's one of the basics.
So, the FBI allegedly arranged for a number of backdoors to be built into the OpenBSD IPSEC stack. I don't really know how credible this claim is, but it sparked a discussion in my office about digital security, and encryption in general. One of my colleagues said something to the effect of it only being a matter of time before they found a way to easily break RSA.
It was at about this moment that time stopped.
I responded with something I thought was quite lucid, but there's only so much lay interest that can be held in a sentence that includes the phrases "fact about all integers" and "solvable in polynomial time". The basic thrust of my argument was that it wasn't something he could just decide an answer to, but I don't think he'll be walking away any the more enlightened.
This got me wondering: do arguments that sit on cast-iron facts (or lack thereof) about number theory feel any different when you're making them, compared to arguments that sit on facts about the world you're just extremely confident about?
If I have a discussion with someone about taxation it has no more consequence than a discussion about cryptography, but the tax discussion feels more urgent. Someone walking around with wonky ideas about fiscal policy seems more distressing than someone walking around with wonky ideas about modular arithmetic. Modular arithmetic can look after itself, but fiscal policy is somehow more vulnerable to bad ideas.
Do your arguments feel different?