InterviewStack.io LogoInterviewStack.io

Cryptographic Hashing and Authentication Questions

Comprehensive knowledge of hash functions including SHA-256, SHA-3, BLAKE2, and older algorithms like MD5 and SHA-1 (and why they're deprecated). Understand hash function properties: collision resistance, pre-image resistance, second pre-image resistance, and avalanche effect. Know applications of hashing in security. Understand message authentication codes (MAC), HMAC, and how they differ from hashing. Know authenticated encryption modes and why authenticated encryption is important. Understand why hash functions are critical for data integrity in cryptographic systems.

MediumTechnical
42 practiced
Implement HMAC-SHA256 in your preferred language. Your implementation must: handle keys longer than the block size by hashing them first, pad keys to block size, compute HMAC per the standard, perform constant-time tag comparison, and optionally support truncation to a specified tag length. Provide function signatures and describe any third-party libraries you would use or avoid.
HardTechnical
45 practiced
Given a Merkle–Damgård hash function H built from an iterated compression function f, show why a collision in the compression function f implies a collision in H. Explain how this structural property gives rise to length-extension attacks, and contrast this with the sponge construction used by SHA-3 which does not expose the same chaining state in the same way.
EasyTechnical
38 practiced
Explain the four canonical security properties of cryptographic hash functions — collision resistance, pre-image resistance, second-pre-image resistance, and the avalanche effect. For each property: define it formally, give a short intuitive example of an attack that violates it, and state why that property matters in real-world protocols (for example: digital signatures, commitment schemes, password storage, and integrity checks).
EasyBehavioral
42 practiced
Behavioral: Tell me about a time when you discovered or prevented a cryptographic weakness related to hashing or authentication in a project. Describe the context, how you identified the issue (tools, tests, code review), the technical root cause, the mitigation or redesign you recommended, and what you learned from the incident.
HardTechnical
52 practiced
Discuss security implications of using hash functions to accumulate entropy into an RNG (e.g., hashing multiple entropy sources into a single seed). When is simple hashing adequate versus when you should use a standardized DRBG (like HMAC-DRBG)? How do you design reseed and state-compromise recovery procedures?

Unlock Full Question Bank

Get access to hundreds of Cryptographic Hashing and Authentication interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.