For programmers new to cryptography, there are plenty of “known unknowns” – unfamiliar terms like “elliptic curves” and “random oracles”, and unnecessarily long acronyms (“RSASSA-PKCS-v1_5”, like really?). But what really gives cryptography its reputation is the unknown unknowns. The things that catch even experienced developers by surprise. Quick: where’s the vulnerability in this code? (I used JavaScript here, but the same vulnerability would occur in Python, Ruby, and most other languages.) /...