What are common cryptographic weaknesses and pitfalls?

Answer

Common cryptographic mistakes that undermine security:

(1) Rolling your own crypto: never implement cryptographic primitives or protocols yourself; use vetted libraries (libsodium, OpenSSL, BouncyCastle). Subtle implementation errors (timing side channels, padding handling, faulty randomness) silently destroy security.

(2) Weak algorithms: MD5 and SHA-1 are broken for security purposes (collisions are practical), and DES/3DES keys are too short. Use SHA-256 or stronger, AES-256, RSA-2048 or longer, and ECDSA on a 256-bit or larger curve.

(3) ECB mode: Electronic Codebook mode encrypts identical plaintext blocks to identical ciphertext blocks, so the structure of the plaintext shows through (the "ECB penguin"). Use an authenticated mode such as AES-GCM instead.

(4) IV/nonce reuse: reusing a nonce with the same key in AES-GCM destroys both the confidentiality and the integrity guarantees (catastrophic). Every encryption under a given key needs a fresh nonce.

(5) Padding oracle attacks: in CBC mode, if decryption reveals whether the padding was valid (through different error responses or timing differences), an attacker can recover plaintext without the key. Authenticated encryption removes the oracle.

(6) Hardcoded keys/secrets: never embed keys in source code; they end up in version control, build artifacts and binaries.

(7) Insufficient entropy: using a general-purpose PRNG such as rand() or Math.random() for keys, nonces or tokens instead of a CSPRNG. Such output is predictable from its seed.

(8) Algorithm downgrade: not enforcing a minimum TLS version and allowing weak cipher suites lets a network attacker negotiate the weakest option.

(9) Certificate validation bypass: disabling SSL/TLS certificate verification (common in development, catastrophic in production) removes the protection against man-in-the-middle attacks.

(10) Length extension attacks: using SHA-256 over key || message as a MAC is vulnerable to length extension; use the HMAC construction instead.