Cryptography and Encryption Fundamentals Questions

Comprehensive understanding of modern cryptography and encryption principles used to build secure systems. Candidates should be able to explain the differences between symmetric and asymmetric encryption, appropriate use cases for each, and common algorithms by full name such as Advanced Encryption Standard and Data Encryption Standard for symmetric ciphers and Rivest Shamir Adleman and elliptic curve based algorithms such as Elliptic Curve Digital Signature Algorithm and Elliptic Curve Diffie Hellman for public key operations. Describe hybrid encryption patterns in which asymmetric cryptography is used to protect a symmetric session key, and discuss block cipher modes of operation including cipher block chaining and authenticated encryption modes such as Galois Counter Mode, as well as the role of initialization vectors and nonces. Cover hash functions and integrity checks with properties such as collision resistance and preimage resistance, message authentication codes, authenticated encryption, and digital signatures for authentication and nonrepudiation. Include high level Public Key Infrastructure concepts including certificates and certificate authorities and how certificates are used to establish trust, together with foundational Transport Layer Security and Secure Sockets Layer principles without requiring deep certificate lifecycle management knowledge. Emphasize key management and operational concerns including secure key generation, secure storage, rotation and compromise handling, randomness and entropy sources, recommended key lengths and algorithm lifecycle considerations, and performance and scalability trade offs. Be prepared to discuss common implementation pitfalls and failures such as weak key sizes, poor random number generation, improper key reuse, and lack of authenticated encryption, plus threat models and practical applications including encrypting data at rest and in transit, secure channels, and signing and verification. Avoid deep mathematical proofs unless specifically requested, but be ready to reason about practical trade offs, algorithm selection, and secure implementation patterns.

HardTechnical

63 practiced

You review code that uses Python's non-cryptographic random module to generate keys, seeds the PRNG with the current time, and reuses the same IV for multiple messages. Identify the security vulnerabilities, explain their practical impact, and rewrite the pseudocode to correctly generate keys and unique nonces using secure OS or language APIs.

MediumSystem Design

51 practiced

Design a key management lifecycle for a microservices architecture that stores and processes encrypted customer data. Cover secure key generation, storage choices (HSM vs KMS), access control, rotation strategies with minimal downtime, re-encryption policies, and steps for suspected key compromise.

MediumTechnical

63 practiced

You are building an authentication service for a high-traffic web application. Choose a password hashing strategy and algorithm from PBKDF2, bcrypt, scrypt, or Argon2, specify parameters to tune (iteration count, memory, parallelism), and explain how you would migrate existing bcrypt-hashed passwords to the new scheme without forcing a reset for all users.

EasyTechnical

62 practiced

Describe sources of randomness and entropy relevant to secure key generation in production systems. Compare hardware TRNGs, OS-provided CSPRNGs such as getrandom or /dev/urandom, and pitfalls of using non-cryptographic PRNGs or predictable seeding.

MediumTechnical

57 practiced

Explain forward secrecy and why it matters for protecting past sessions after long-term key compromise. Describe how TLS implements forward secrecy with ephemeral Diffie-Hellman (ECDHE) and what server configuration steps are needed to ensure ephemeral keys are used correctly.

Unlock Full Question Bank

Get access to hundreds of Cryptography and Encryption Fundamentals interview questions and detailed answers.

Join thousands of developers preparing for their dream job.