Cryptography and Encryption Fundamentals Questions

Comprehensive understanding of modern cryptography and encryption principles used to build secure systems. Candidates should be able to explain the differences between symmetric and asymmetric encryption, appropriate use cases for each, and common algorithms by full name such as Advanced Encryption Standard and Data Encryption Standard for symmetric ciphers and Rivest Shamir Adleman and elliptic curve based algorithms such as Elliptic Curve Digital Signature Algorithm and Elliptic Curve Diffie Hellman for public key operations. Describe hybrid encryption patterns in which asymmetric cryptography is used to protect a symmetric session key, and discuss block cipher modes of operation including cipher block chaining and authenticated encryption modes such as Galois Counter Mode, as well as the role of initialization vectors and nonces. Cover hash functions and integrity checks with properties such as collision resistance and preimage resistance, message authentication codes, authenticated encryption, and digital signatures for authentication and nonrepudiation. Include high level Public Key Infrastructure concepts including certificates and certificate authorities and how certificates are used to establish trust, together with foundational Transport Layer Security and Secure Sockets Layer principles without requiring deep certificate lifecycle management knowledge. Emphasize key management and operational concerns including secure key generation, secure storage, rotation and compromise handling, randomness and entropy sources, recommended key lengths and algorithm lifecycle considerations, and performance and scalability trade offs. Be prepared to discuss common implementation pitfalls and failures such as weak key sizes, poor random number generation, improper key reuse, and lack of authenticated encryption, plus threat models and practical applications including encrypting data at rest and in transit, secure channels, and signing and verification. Avoid deep mathematical proofs unless specifically requested, but be ready to reason about practical trade offs, algorithm selection, and secure implementation patterns.

HardTechnical

74 practiced

Discuss deterministic encryption for use in database indexing and queries. Explain the security risks such as frequency analysis and pattern leakage, how order-preserving encryption increases leakage, alternatives such as encrypted indexes, tokenization, or searchable encryption, and practical trade-offs between queryability and confidentiality.

HardSystem Design

62 practiced

Design a scalable certificate revocation checking solution for a global service considering CRLs, OCSP, OCSP stapling, caching strategies, privacy concerns, and offline verification. Discuss trade-offs between real-time revocation checks and latency/availability.

MediumTechnical

63 practiced

You are building an authentication service for a high-traffic web application. Choose a password hashing strategy and algorithm from PBKDF2, bcrypt, scrypt, or Argon2, specify parameters to tune (iteration count, memory, parallelism), and explain how you would migrate existing bcrypt-hashed passwords to the new scheme without forcing a reset for all users.

EasyTechnical

75 practiced

Define initialization vector (IV) and nonce in cryptographic operations. Explain their roles for modes like CBC and GCM, required properties (randomness vs uniqueness), consequences of reuse, and best practices for generation, storage and transmission of IVs/nonces.

HardTechnical

71 practiced

Your cloud KMS master key has been compromised. Provide a prioritized incident response playbook covering containment and eradication steps, rekeying and re-encryption plans for affected data, a rollout strategy to replace keys with minimal disruption, and compliance and stakeholder communication tasks.

Unlock Full Question Bank

Get access to hundreds of Cryptography and Encryption Fundamentals interview questions and detailed answers.

Join thousands of developers preparing for their dream job.