Having been exposed to encryption methods like AES and Threefish, I'm not really interested in code breaking. From this point on, it's just a game; the cryptography people use when they're not just making a puzzle is as close to unbreakable as makes no difference. Ask a computer security guy to get his hands on some information, and he's not going to try attacking the crypto, as such. He's going to look for some other way to pry open the secrets.
For example, one of the more insidious ways of breaking encryption is to watch the encryption machine doing its work. If you have a smart card containing a SUPER SECRET PASSWORD that it will only send out encrypted, you may be able to discover this password by watching how much electrical current the smart card's processor is using while it encrypts the password. If encrypting a 'b' generates one pattern on an oscilloscope, and encrypting a 'Q' generates another, then someone with an oscilloscope can trick the smart card into revealing the SUPER SECRETS contained within. There are so many ways that encryption hardware and software can leak information that such methods are usually much easier than attacking the cipher directly.
Similarly, think of how you might steal someone's Less Wrong account. You could try to guess their password, but this is far too time consuming unless they set their password to "password" or "hunter2" or something similarly obvious. If you happen to be on the same unsecured wireless network, though, you may be able to snoop on their packets and steal their session cookie. This bit of information is passed to the Less Wrong server every time you request a page; it's called "reddit_session" and it tells the server that you're logged in. If you steal someone else's session cookie, you can be logged in as them, too. It's not even hard.
And then, of course, there are things like SQL injection attacks, now also known as Bobby Tables attacks. Those are just fun.
Real security vulnerabilities, to me, are a lot more interesting than breaking deliberately simple ciphers. It teaches a remarkably clever, downright nitpicky way of thinking about how to extract the most use from each piece of information. It's potentially useful, too, which is a nice bonus.
unless they set their password to "password" or "*******" or something similarly obvious.
I don't get it -- why is ******* an obvious password?
Breaking encrypted messages offers a unique challenge, at least in its pure form. In most cryptography puzzles, the method of encryption is known, and so the challenge is finding the key. The most common form of encryption used for this is a simple substitution cipher. This is not a very difficult challenge. Depending on the puzzle, it can be tough, but it isn't something that will really strain your intellect to its maximum.
True cryptography occurs when you just get a message, and no other information. Then, the codebreaker has to find a way to determine the type of code, and then they have to find the key. This type of challenge is good for a rationalist, since you have to make sense of something confusing by running experimental tests, usually by analyzing the text. I've always found codebreaking in this sense to be very enjoyable and useful for training your mind. The main obstacle to doing so is the lack of any system designed for it. There is no website (that I know of) that provides this sort of cryptography challenge. Typically, if you want to do this, you have to find other people who also have an interest in it.
It occurred to me that people on Less Wrong might have an interest in doing something of this nature. Now, obviously, we probably won't be trying to break RSA ciphers, but there are a bunch of methods of encryption that were developed over the years before the invention of computer cryptography that could be used, without us requiring any participants to know how to program computers or do anything like that.
Is there any interest in something like this? I personally don't care how much you know already about cryptography. If you don't know anything I'd be happy to give you some book recommendations.
PS There is a difference between "cipher" and "code", but in practical language the two are sometimes interchangeable. For instance, "codebreaker" vs "cipherbreaker" isn't often a very important distinction to make, so I used the more common term. As long as the correct message gets across, you can use either term. Just make sure, if you are saying something that is specific to one particular type of encryption that you use the right vocabulary then.