Seldom in cryptography do we have any unconditional proofs of the difficulty of defeating our cryptosystems. Furthermore, we are often defeated not by the attacks we anticipated, but by the vectors we did not know about. Like fire and safety engineers, we learn from the mistakes of the past in order to avoid similar mistakes in the future. This presentation is a summary of the mistakes that web app developers have made in implementing cryptosystems, so that we do not repeat them.