In my experience it's news to something like 90% of all developers, who can generally be counted on to say things like "we used AES so not even the US military can break our encryption".

First entry on the svbtle network sure. I've blogged extensively here before http://unlimitednovelty.com

And while it shouldn't be news to anyone using crypto, I still feel like it's a poorly-known subject.

Oh certainly.

I learned a lot by doing the coursera course on it earlier this year including an intro to a whole new area of mathematics. Some sort of intro to crypto techniques and uses really ought to be mandatory for a lot of devs, certainly anyone tempted to use anything other than a well-coded TLS API or pre-provided GCM interface.

--edit--

In fact it's also very important that even when you do know what you're doing (to a greater extent than the entirely uninitiated), you don't implement this stuff yourself, because there are more attacks than you can possibly imagine.

See my multiple "(and even then!)" caveats ;)