Many introductory courses on cryptography have their treatment of secret-key crypto start with OTP, then block ciphers, and for public-key cryptography revolve around RSA with no notion of padding (some even have matching exercises showcasing insecure practices, beyond using artificially small parameters). It is all too common that after such introductory course, students will happily consider the OTP as a useful cipher, or tell (and try to perform) things like encrypt with private key, and believe (perhaps rightly) that's what they have been taught.
I ask what would be a better roadmap for a short introductory course on cryptography, aimed at students with an inclination towards engineering and IT, that
- gives the audience a fair grasp at the basic functions modern cryptography performs routinely (signature, authentication, key exchange, encryption..), and how they differ in goal;
- illustrates some of these functions with concrete methods, not requiring much more advanced math than RSA does, and implementable (with artificially small parameters) on about anything that can compute, including spreadsheet formulas;
- not touching formal definitions of security, much less game proofs, advanced cryptanalysis..
I realize that an actual course content will depend considerably on the time allocation, math background of the audience, and the (widely varying) organization and goals of the learning environment. I wish these things are left out inasmuch as possible, to concentrate on what cryptographic techniques should be in a coherent exposition of cryptography, so that this question can hopefully be considered on-topic.
