I am researching the history of cryptographic development in the United States. It has come to my attention that there are some algorithms the US Federal Government recommended in the past that have failed to gain traction, whose design choices were suspicious, or were cracked in public.
Here is a list of such algorithms I have compiled so far:
1. DES
2. DSS
3. ECDSA (standardized but lack of explanation for choice of curves)
4. DUAL\_EC\_DBRNG
5. SPECK
6. SIMON
Are there any algorithms you can think of that failed to gain traction, were rejected by academia, or cracked in public just as DES was?