A:
- Reusing IVs (especially in CTR/GCM) is catastrophic.
- Using weak keys or passwords without proper key derivation (use PBKDF2 / scrypt / Argon2).
- Ignoring authentication (don’t use plain AES-CBC without an HMAC, or use GCM instead).
- Hardcoding keys or secrets in code.
- Leaking crypto errors.
- Not checking ciphertext length or format before decrypting (to avoid padding oracle attacks).
- Failing to rotate keys over time or upon compromise.
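
As an added illustration (not part of the original answer), here is a Node.js sketch that avoids several of the pitfalls above at once: scrypt key derivation from a password, a fresh random nonce per message, AES-256-GCM for authentication, a length check before decrypting, and one generic error for every failure. The function names `seal` and `open`, the blob layout (salt, nonce, tag, ciphertext) and the scrypt parameters are assumptions made for this example.

```javascript
const crypto = require('node:crypto');

// Assumed blob layout: salt (16) | nonce (12) | GCM tag (16) | ciphertext
const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;
const HEADER_LEN = SALT_LEN + NONCE_LEN + TAG_LEN;

// Passwords are never used as keys directly; scrypt stretches them.
// N/r/p are assumed values, tune them for your hardware.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

function seal(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh for every message, never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

function open(password, blob) {
  try {
    // Reject malformed input before any cryptographic work is done.
    if (!Buffer.isBuffer(blob) || blob.length < HEADER_LEN) throw new Error('malformed');
    const salt = blob.subarray(0, SALT_LEN);
    const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
    const tag = blob.subarray(SALT_LEN + NONCE_LEN, HEADER_LEN);
    const body = blob.subarray(HEADER_LEN);
    const decipher = crypto.createDecipheriv(
      'aes-256-gcm', deriveKey(password, salt), nonce, { authTagLength: TAG_LEN });
    decipher.setAuthTag(tag);
    // final() throws if the tag does not verify; no plaintext is returned.
    return Buffer.concat([decipher.update(body), decipher.final()]);
  } catch {
    // Same message for bad length, bad tag and wrong password: nothing leaks to the caller.
    throw new Error('decryption failed');
  }
}

// Constructed demo values. A real secret comes from a secret store or the
// environment, not from source code.
const demoBlob = seal('constructed-demo-passphrase', Buffer.from('hello'));
console.log(open('constructed-demo-passphrase', demoBlob).toString());
```

Key rotation is not shown; one common approach is to prepend a key or version identifier to the blob so old data can be re-encrypted under a new key.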