- The timing attacks were the most surprising to me -- particularly because of how easy they were to exploit once you collected enough statistics.
- Finding the seed / predicting upcoming random numbers from popular PRNGs by reconstructing internal state. (Interesting side note: I had to implement the Mersenne Twister from Wikipedia, and my code literally looks like line noise: https://github.com/0xfe/cryptopals/blob/master/prng.go. Reversing the tempering code made me lose a lot of hair.)
- Modifying encrypted data reliably under AES-CBC and AES-CTR just by flipping ciphertext bits!
- If you use the same value for the IV and the key in CBC mode, you can recover the key with a little math (an XOR of two decrypted blocks).
- Determining block/key sizes from ciphertext using statistical analysis worked surprisingly well.
- Number-theoretic algorithms like DH, RSA and DSA are sensitive to their parameters (choice of primes, generators, etc.).
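The PRNG point above (reconstructing Mersenne Twister state from its outputs) is easiest to see in code. The block below is an added example written for this page, not the author's prng.go: it implements MT19937 with standard parameters, inverts the four tempering steps, and clones a generator from 624 consecutive 32-bit outputs. It assumes the attacker sees full 32-bit outputs starting at a twist boundary (a freshly seeded generator); the seed values and the constructed `victim` are illustration only.

```go
package main

import "fmt"

// Standard MT19937 parameters.
const (
	mtN, mtM                = 624, 397
	mtMatrixA               = 0x9908b0df
	mtUpperMask, mtLowerMask = 0x80000000, 0x7fffffff
)

// MT19937 is a minimal Mersenne Twister holding 624 words of state.
type MT19937 struct {
	state [mtN]uint32
	index int
}

// NewMT19937 seeds the state the standard way (init_genrand).
func NewMT19937(seed uint32) *MT19937 {
	r := &MT19937{index: mtN}
	r.state[0] = seed
	for i := 1; i < mtN; i++ {
		r.state[i] = 1812433253*(r.state[i-1]^(r.state[i-1]>>30)) + uint32(i)
	}
	return r
}

// twist regenerates all 624 state words.
func (r *MT19937) twist() {
	for i := 0; i < mtN; i++ {
		y := (r.state[i] & mtUpperMask) | (r.state[(i+1)%mtN] & mtLowerMask)
		r.state[i] = r.state[(i+mtM)%mtN] ^ (y >> 1)
		if y&1 == 1 {
			r.state[i] ^= mtMatrixA
		}
	}
	r.index = 0
}

// Uint32 returns the next tempered output.
func (r *MT19937) Uint32() uint32 {
	if r.index >= mtN {
		r.twist()
	}
	y := Temper(r.state[r.index])
	r.index++
	return y
}

// Temper is the output transform applied to each state word.
func Temper(y uint32) uint32 {
	y ^= y >> 11
	y ^= (y << 7) & 0x9d2c5680
	y ^= (y << 15) & 0xefc60000
	y ^= y >> 18
	return y
}

// undoRightShift inverts y ^= y >> s; each pass recovers the next s bits from the top down.
func undoRightShift(y uint32, s uint) uint32 {
	x := y
	for i := 0; i < 32/int(s)+1; i++ {
		x = y ^ (x >> s)
	}
	return x
}

// undoLeftShift inverts y ^= (y << s) & mask; each pass recovers s bits from the bottom up.
func undoLeftShift(y uint32, s uint, mask uint32) uint32 {
	x := y
	for i := 0; i < 32/int(s)+1; i++ {
		x = y ^ ((x << s) & mask)
	}
	return x
}

// Untemper reverses Temper by applying the inverse steps in reverse order.
func Untemper(y uint32) uint32 {
	y = undoRightShift(y, 18)
	y = undoLeftShift(y, 15, 0xefc60000)
	y = undoLeftShift(y, 7, 0x9d2c5680)
	return undoRightShift(y, 11)
}

// Clone rebuilds a generator from 624 consecutive outputs observed right after a twist.
func Clone(outputs []uint32) (*MT19937, error) {
	if len(outputs) != mtN {
		return nil, fmt.Errorf("need exactly %d outputs, got %d", mtN, len(outputs))
	}
	c := &MT19937{index: mtN} // next call twists, just like the victim will
	for i, o := range outputs {
		c.state[i] = Untemper(o)
	}
	return c, nil
}

func main() {
	victim := NewMT19937(5489) // constructed victim generator
	seen := make([]uint32, mtN)
	for i := range seen {
		seen[i] = victim.Uint32()
	}
	clone, err := Clone(seen)
	if err != nil {
		panic(err)
	}
	fmt.Printf("victim next: %d, clone next: %d\n", victim.Uint32(), clone.Uint32())
}
```

Each tempering step only mixes a bit with bits some fixed distance away, so it is a bijection and can be undone a few bits at a time; that is why the generic loop in `undoRightShift`/`undoLeftShift` needs at most ceil(32/s) passes. The caveat a practitioner cares about: if the outputs are truncated or combined (e.g. a 53-bit float built from two outputs), you first have to split them back into raw 32-bit words before untempering.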
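The IV-equals-key point is also a ciphertext-editing attack of the kind mentioned above (block 3 of the list), so the following added example covers both; it is written for this page and is not code from the author's repository. It uses Go's standard crypto/aes and crypto/cipher, a constructed key and message, and assumes a receiver that decrypts with IV=key and echoes the decrypted bytes back when they are not clean ASCII (the `LeakyDecrypt` oracle below is that assumption made explicit).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// EncryptKeyAsIV is the misuse under discussion: AES-128-CBC with the key reused as the IV.
// Plaintext must be a whole number of blocks (padding omitted to keep the attack visible).
func EncryptKeyAsIV(key, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, key).CryptBlocks(ct, pt)
	return ct
}

// LeakyDecrypt models a receiver that decrypts with IV=key, rejects non-ASCII plaintext,
// and (the bug) hands the decrypted bytes back inside the error.
func LeakyDecrypt(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, key).CryptBlocks(pt, ct)
	for _, b := range pt {
		if b >= 0x80 {
			return pt, errors.New("plaintext is not valid ASCII")
		}
	}
	return nil, nil // valid message: nothing is echoed back
}

// RecoverKey submits the forged ciphertext C1 || 0^16 || C1 to the oracle.
//   block 1 decrypts to D(C1) XOR IV   = D(C1) XOR key
//   block 3 decrypts to D(C1) XOR 0^16 = D(C1)
// so XORing the two leaked blocks gives the key. Block 2 decrypts to junk, which
// almost always fails the ASCII check and triggers the leak.
func RecoverKey(oracle func([]byte) ([]byte, error), ct []byte) ([]byte, error) {
	bs := aes.BlockSize
	if len(ct) < bs {
		return nil, errors.New("need at least one ciphertext block")
	}
	c1 := ct[:bs]
	forged := make([]byte, 0, 3*bs)
	forged = append(forged, c1...)
	forged = append(forged, make([]byte, bs)...)
	forged = append(forged, c1...)
	leaked, err := oracle(forged)
	if err == nil || len(leaked) < 3*bs {
		return nil, errors.New("oracle did not leak plaintext; try another ciphertext block")
	}
	key := make([]byte, bs)
	for i := range key {
		key[i] = leaked[i] ^ leaked[2*bs+i]
	}
	return key, nil
}

func main() {
	key := []byte("YELLOW SUBMARINE")                 // constructed demo key
	pt := bytes.Repeat([]byte("0123456789abcdef"), 3) // constructed 3-block message
	ct := EncryptKeyAsIV(key, pt)
	oracle := func(c []byte) ([]byte, error) { return LeakyDecrypt(key, c) }
	got, err := RecoverKey(oracle, ct)
	fmt.Printf("recovered %q err=%v match=%v\n", got, err, bytes.Equal(got, key))
}
```

Two things worth noting: the attacker never needs to know the plaintext, only one genuine ciphertext block plus a receiver that reveals decryption results on failure; and the fix is not "leak less" but a fresh random IV per message (and authenticating the ciphertext so forged blocks are rejected before decryption output exists at all).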