Password Attacks & Cryptography · intermediate · ~11 min

Common cryptography mistakes

Recognise the crypto misuses that show up in code review and JWTs.

Overview

Most crypto failures are misuse, not broken algorithms: home-rolled crypto, ECB, reused IV/nonce, hardcoded keys, unauthenticated (non-AEAD) encryption, non-constant-time comparison, weak RNGs, and JWT signing flaws. Fixes: vetted libraries, AEAD, unique nonces, CSPRNGs, constant-time compares, vaulted secrets.

Why it matters

These misuse patterns are exactly what source-code review and pentests turn up — hardcoded keys, nonce reuse, timing-unsafe comparisons — and recommending the correct construction is high-value remediation advice.

Core concepts

  • Misuse > broken algos.
  • Nonce/IV reuse: breaks confidentiality, can leak keys (GCM).
  • Hardcoded keys: top finding.
  • Unauthenticated encryption: tampering/padding oracles.
  • Timing leaks: constant-time compare for secrets.
  • Weak RNG: use a CSPRNG.
  • JWT: alg:none, weak secret.

Lesson

Strong algorithms fail when used wrong. These misuses are far more common than broken ciphers, and they're what you actually find in code review.

The greatest hits

  • Rolling your own crypto: home-made schemes are almost always broken. Use vetted libraries and standard constructions.
  • ECB mode (covered in an earlier lesson): identical plaintext blocks encrypt to identical ciphertext blocks, so patterns leak.
  • Static/reused IV or nonce: an IV/nonce must be unique (and for some modes random) per encryption. Reuse breaks confidentiality (especially catastrophic for stream ciphers / GCM, where nonce reuse can leak the key stream and forge messages).
  • Hardcoded keys/secrets: keys in source or config committed to repos. A top finding — search for them.
  • Unauthenticated encryption: encrypting without integrity (no MAC / non-AEAD mode) enables tampering and padding-oracle attacks.
  • Non-constant-time comparison: comparing secrets/MACs with ==/memcmp stops at the first differing byte, so response time leaks how much of a guess is correct and the MAC becomes forgeable. Use constant-time comparison (the platform has a C exercise for exactly this).
  • Weak randomness: using a non-cryptographic RNG (rand()) for keys/tokens. Use a CSPRNG.
  • JWT signing flaws: alg:none, weak HMAC secrets, RS256↔HS256 confusion (cross-reference the Web App Security track).
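A minimal HS256 JWT verifier using only the Python standard library, added here as an illustration (not code from the platform's exercises) of three items above: it pins the algorithm instead of trusting the header (so alg:none and RS256↔HS256 confusion are rejected), compares the tag with a constant-time function, and refuses short secrets. SECRET is a constructed placeholder; in practice it comes from a vault.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret for this example only; never put real secrets in source.
SECRET = b"constructed-demo-secret-at-least-32-bytes-long!!"
MIN_HS256_SECRET_BYTES = 32  # shorter than the SHA-256 output is brute-forceable


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign_hs256(claims: dict, secret: bytes) -> str:
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes) -> dict:
    """Return the claims if the token verifies, otherwise raise ValueError."""
    if len(secret) < MIN_HS256_SECRET_BYTES:
        raise ValueError("HS256 secret too short")
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
    except ValueError as exc:  # covers bad split, bad base64 and bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the header is attacker-controlled, so it must never
    # select the verifier (this rejects "none" and any RS256/HS256 swap).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # Constant-time compare; a plain == would leak timing on the MAC.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def is_valid(token: str, secret: bytes) -> bool:
    try:
        verify_hs256(token, secret)
        return True
    except ValueError:
        return False
```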

The lesson

Cryptography is a minefield of usage, not just algorithms. In review, look for these patterns; in remediation, recommend vetted libraries, AEAD modes, unique nonces, CSPRNGs, constant-time comparisons, and secrets in a vault.

Summary

Cryptography breaks at the usage layer — ECB, reused nonces, hardcoded keys, missing authentication, timing-unsafe comparisons, weak randomness, JWT flaws. Defend with vetted libraries, AEAD modes, unique nonces, CSPRNGs, constant-time comparisons, and secret vaults.
