Cryptography is a fascinating component of computer systems. It’s one of those things which appears frequently (or at least should appear frequently), yet is often poorly understood and, as a result, implemented badly.
Take a couple of recent high-profile examples in the form of Gawker and rootkit.com. In both of these cases, data was encrypted, yet it was ultimately exposed with what, in retrospect, appears to be great ease.
Troy Hunt: OWASP Top 10 for .NET developers part 7: Insecure Cryptographic Storage
This has to be the best ASP.NET developer's guide to security I have ever read. A complex topic brilliantly and simply explained.