In theory, the security of Internet communication depends on a variety of cryptographic protocols, including ones for symmetric and asymmetric encryption, key exchange, signing messages, and generating random numbers. The security of these cryptographic protocols is based on underlying mathematical problems that are thought to be hard. Ideally, the protocols cannot be broken without attacking the underlying hard problems. In practice, however, security depends on these protocols being correctly and securely implemented, so that they do not leak valuable information to an active, or even passive, attacker. While the security of implementations can be tested by a variety of means, including using code analysis and formal verification to improve source code, we focus on how existing security on the Internet can be probed by beginning with passive collection and analysis of real network traffic. We show that by passively looking at cryptographic data from real-world connections, and following up with more active approaches when needed, one can expose problems with random number generation, discover incorrect and unusual cryptographic choices and implementations, and even recover private keys. In addition, for users attempting to evade censorship, security can rest on hiding their traffic among more innocuous traffic. We show that a passive observer, using deep learning and host-based analysis, can identify circumventing traffic.