A few students wanted more information about application security issues arising from the use of cryptography. This list of references should give you a good start towards learning more about this topic. This would be a great topic for a research project!
- Nate Lawson has had an excellent series of blog posts investigating the use and abuse of cryptography in embedded systems.
- Tom Ptacek has been looking at this topic in general on Matasano Chargen, e.g. "A Working Theory About RC4" and "If You're Typing The Letters A-E-S Into Your Code, You're Doing It Wrong."
- Tom is teaching a "Crypto for Pentesters" mini-course in Chicago on October 17th. You can e-mail him at tqbf 0x40 matasano.com if you think you can make it and want to reserve a spot. One person from the class has already confirmed that he will be there, so I'm hoping he brings back some good stuff!
- Chris Eng has a talk, Crypto for Penetration Testers, on blindly manipulating cryptographic tokens to break a web application (slides).