When I tell a developer that I broke their cryptosystem, there’s usually a pregnant pause in the conversation where they take it in, like a young child being shown a magic trick. As the initial wonder passes, though, they are not usually elated.
“I thought AES was safe. What should I use instead?”
Sorry, but AES isn’t the issue. AES, despite its very minor known flaws, isn’t considered unsafe as of this writing. 6-inch thick steel walls are difficult to break through, but that’s not generally how you get past steel walls. One goes around, under, above them, not through.
— Defeating AES without a PhD - SpiderLabs Anterior
Interesting little piece on decrypting what appears to be a well-encrypted parameter. If you're a web developer who's passing encrypted data around through parameters, take note of the post-mortem section.