Top Cryptographic Misuse Patterns
Survey the most common developer mistakes: ECB mode, weak PRNG seeding, rolling your own crypto.
ECB Mode Reveals Block Patterns
Electronic Codebook (ECB) mode encrypts each block independently with the same key. Identical plaintext blocks produce identical ciphertext blocks. The classic demonstration is the "ECB penguin": encrypting a bitmap image with ECB preserves the block-level structure of the image, making the penguin outline clearly visible in the ciphertext. ECB mode provides no semantic security and should never be used for any practical encryption purpose.
Rolling Your Own Crypto
Implementing cryptographic primitives from scratch is one of the most dangerous practices in software development. Cryptography requires perfect correctness under adversarial conditions: a subtle timing leak, an off-by-one error in padding, or a misunderstanding of security requirements can create exploitable vulnerabilities indistinguishable from correct behavior in normal testing. Even expert cryptographers make implementation mistakes; application developers should use well-audited libraries exclusively.
All lessons in this course
- Padding Oracle Attacks in Detail
- Replay Attacks and Nonce Reuse Vulnerabilities
- Timing Attacks in Application-Level Code
- Top Cryptographic Misuse Patterns