Cryptography and Encryption Fundamentals Questions

Comprehensive understanding of modern cryptography and encryption principles used to build secure systems. Candidates should be able to explain the differences between symmetric and asymmetric encryption, appropriate use cases for each, and common algorithms by full name such as Advanced Encryption Standard and Data Encryption Standard for symmetric ciphers and Rivest Shamir Adleman and elliptic curve based algorithms such as Elliptic Curve Digital Signature Algorithm and Elliptic Curve Diffie Hellman for public key operations. Describe hybrid encryption patterns in which asymmetric cryptography is used to protect a symmetric session key, and discuss block cipher modes of operation including cipher block chaining and authenticated encryption modes such as Galois Counter Mode, as well as the role of initialization vectors and nonces. Cover hash functions and integrity checks with properties such as collision resistance and preimage resistance, message authentication codes, authenticated encryption, and digital signatures for authentication and nonrepudiation. Include high level Public Key Infrastructure concepts including certificates and certificate authorities and how certificates are used to establish trust, together with foundational Transport Layer Security and Secure Sockets Layer principles without requiring deep certificate lifecycle management knowledge. Emphasize key management and operational concerns including secure key generation, secure storage, rotation and compromise handling, randomness and entropy sources, recommended key lengths and algorithm lifecycle considerations, and performance and scalability trade offs. Be prepared to discuss common implementation pitfalls and failures such as weak key sizes, poor random number generation, improper key reuse, and lack of authenticated encryption, plus threat models and practical applications including encrypting data at rest and in transit, secure channels, and signing and verification. Avoid deep mathematical proofs unless specifically requested, but be ready to reason about practical trade offs, algorithm selection, and secure implementation patterns.

HardTechnical

53 practiced

You discover a legacy application stores user passwords as unsalted SHA-1 digests. Propose a migration strategy to Argon2/bcrypt that supports rolling upgrades without forcing immediate password resets, preserves authentication availability, and provides a plan to detect and re-hash weak legacy entries over time.

MediumSystem Design

53 practiced

Design a secure, multi-tenant file-at-rest encryption scheme for a cloud service. Include key hierarchy (tenant master keys, per-file data keys), envelope encryption, access control for keys, rotation and revocation procedures, and how to ensure isolation between tenants while maintaining performance at scale.

MediumTechnical

59 practiced

A compliance audit requires demonstrable key rotation and access logging for all keys used to encrypt regulated data. Propose a practical key rotation schedule, automated rotation process, and how you would present evidence (logs, snapshots, attestation) that rotation occurred and that previous keys were retired securely.

EasyTechnical

55 practiced

List common cryptographic implementation pitfalls you would look for during a security review: weak random number generation, IV/nonce reuse, use of ECB mode, hard-coded keys, lack of authenticated encryption, and insecure key storage. For each pitfall provide a concise mitigation or detection approach.

HardTechnical

54 practiced

Design and provide Python pseudo-code for a secure key-derivation scheme using HKDF to generate per-file encryption keys from a single master key. Explain the role of salt, info/context, output length, and how you would rotate the master key while minimizing the need to re-encrypt existing files.

Unlock Full Question Bank

Get access to hundreds of Cryptography and Encryption Fundamentals interview questions and detailed answers.

Join thousands of developers preparing for their dream job.