InterviewStack.io LogoInterviewStack.io

Cryptographic Vulnerabilities and Attacks Questions

Covers vulnerabilities and attack techniques specific to cryptographic algorithms, protocols, and implementations. Topics include mathematical cryptanalysis, weak key generation and management, improper use of encryption modes, padding oracle attacks, side channel attacks such as timing and power analysis, weak or biased random number generation, hash function collisions, protocol flaws, certificate and key handling errors, and implementation defects that introduce weaknesses. Candidates should be able to explain how these attacks work, identify insecure patterns in code or protocols, give real world examples, and propose mitigations such as using well vetted algorithms and modes, authenticated encryption, secure random number generation, constant time implementations, proper key management and rotation, certificate validation, protocol hardening, and use of hardware security modules. Knowledge of how to detect cryptographic weaknesses during code review, testing, and threat modeling is also assessed.

HardTechnical
46 practiced
A modular exponentiation routine uses sliding-window exponentiation and contains branches that depend on bits of the exponent, such as 'if (bit) result = result * base'. Provide a constant-time C implementation (conceptual code) of modular exponentiation or sliding-window multiplication, explain why it is constant time, and discuss compiler optimizations that could break your assumptions and how to prevent them.
HardTechnical
57 practiced
Explain the ROCA-style weak key vulnerability where a flawed key generation algorithm produces RSA moduli with predictable structure that allows factoring. Describe how you would detect such weak keys at scale in a large key repository, what mathematical tests or fingerprints to use, and what mitigation and remediation steps should follow detection.
MediumTechnical
41 practiced
You are auditing a protocol that uses ephemeral Diffie-Hellman for key agreement but omits any form of authentication for the DH public values. Sketch likely man-in-the-middle and downgrade attacks and propose concrete protocol fixes including authentication methods and recommended parameter choices for groups or curves.
HardTechnical
46 practiced
You are evaluating post-quantum key-exchange candidates for integration into a VPN product. Compare lattice-based schemes (for example Kyber) and code-based schemes on key size, ciphertext size, failure probability, side-channel resistance, and implementation pitfalls. Recommend a hybridization strategy that balances practicality and future resistance.
HardTechnical
53 practiced
You must migrate an enterprise PKI where many roots and intermediates are signed with SHA-1 or 1024-bit RSA. Produce a detailed migration plan covering trust anchor replacement, cross-signing, CRL and OCSP handling, roll-back plan, key reissue scheduling, impact on clients, and monitoring to catch compatibility regressions.

Unlock Full Question Bank

Get access to hundreds of Cryptographic Vulnerabilities and Attacks interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.