When attacking problem: CIA
-do I need confidentiality? Data Integrity? Availability?
Good idea to add a MAC (message authentication code)
Minimize amount of information adversary can learn... little things can be very helpful.
Don't use algorithms without understanding them: use standards (designed to be secure), not homegrown solutions.
