Most devastating attacks known to day are based on reverse lookup table. This is pretty much worst-case scenario where you have to re-issue everything. I personally know of couple examples where cost-cutting with HSM resulted in this.

Jet is right, anything outside of individual banks, payment and transaction clearing house and such, have never been hacked. This doesn't mean it will never get hacked. For example, breakthrough in quantum computing or some new algorithmic vulnerability can result in a working exploit before it becomes public. Fortunately, all of them (up to this point) were discovered through academia or IBM labs, with the team publishing major exploit (e.g. distributed computing attack on DES in 99) get guaranteed academic tenure and funding forever. This is extra-strong incentive to not sit on your discovery.

Way cryptography science is set up is that you only need to demonstrate existential forgery, that is you don't have to have working exploit, it is sufficient to show that one could exist. This is absolutely right approach, any algorithm that could have successful attack done against it is replaced, so by the time exploits derived most of the important stuff moved on to new things. In cryptography _ALL_ exploits/hacks are due to improper implementation, what/how possibly someone can hack is very known.

This is very much unlike software industry, where zero-day exploits are mostly unknown until they are a) sold to vendor b) exploit is detected in the wild and reported.


Now all of the about is very interesting, but we still haven't settled the topic of conversation: Simple possibility of voter fraud is insufficient justification to claim elections were stolen.

Evidence of voter fraud of sufficient severity -> election stolen

Otherwise it is appeal to probability.

[Linked Image]