- If you have data in flight, use TLS (what used to be SSL)
- If you have data at rest, use PGP.
- MAC-then-Encrypt: you leave yourself open to attacks against your crypto implementation.
- Use hashes instead of MACs: you neable hash extension attacks.
- Reuse key-IV or key-nonce pairs: you open yourself up to a multitude of issues.
- Ever Use ECB: there's never a good use case for ECB.