InterviewStack.io LogoInterviewStack.io

Cryptography and Encryption Fundamentals Questions

Comprehensive understanding of modern cryptography and encryption principles used to build secure systems. Candidates should be able to explain the differences between symmetric and asymmetric encryption, appropriate use cases for each, and common algorithms by full name such as Advanced Encryption Standard and Data Encryption Standard for symmetric ciphers and Rivest Shamir Adleman and elliptic curve based algorithms such as Elliptic Curve Digital Signature Algorithm and Elliptic Curve Diffie Hellman for public key operations. Describe hybrid encryption patterns in which asymmetric cryptography is used to protect a symmetric session key, and discuss block cipher modes of operation including cipher block chaining and authenticated encryption modes such as Galois Counter Mode, as well as the role of initialization vectors and nonces. Cover hash functions and integrity checks with properties such as collision resistance and preimage resistance, message authentication codes, authenticated encryption, and digital signatures for authentication and nonrepudiation. Include high level Public Key Infrastructure concepts including certificates and certificate authorities and how certificates are used to establish trust, together with foundational Transport Layer Security and Secure Sockets Layer principles without requiring deep certificate lifecycle management knowledge. Emphasize key management and operational concerns including secure key generation, secure storage, rotation and compromise handling, randomness and entropy sources, recommended key lengths and algorithm lifecycle considerations, and performance and scalability trade offs. Be prepared to discuss common implementation pitfalls and failures such as weak key sizes, poor random number generation, improper key reuse, and lack of authenticated encryption, plus threat models and practical applications including encrypting data at rest and in transit, secure channels, and signing and verification. Avoid deep mathematical proofs unless specifically requested, but be ready to reason about practical trade offs, algorithm selection, and secure implementation patterns.

HardTechnical
52 practiced
A closed-source HSM-backed crypto library from a vendor is suspected of using poor entropy sources. As the security analyst, outline how you would validate the randomness, what tests and evidence you would collect (entropy estimation, statistical tests), interim mitigations to reduce risk, and long-term vendor-evaluation criteria.
EasyTechnical
62 practiced
State recommended key length guidance for common algorithms: AES (symmetric), RSA (classical public-key), and elliptic curve algorithms (ECDSA/ECDH). Explain why key length matters and what operational considerations (performance, lifespan, algorithm migration) influence your choice of length.
HardTechnical
63 practiced
Discuss common side-channel attacks (timing attacks, cache attacks, power analysis) relevant to cryptographic operations in cloud environments. For each, describe detection techniques, mitigation strategies for deployed libraries (constant-time implementations, blinding, hardware isolation), and pragmatically how you'd prioritize fixes in production.
HardTechnical
58 practiced
You are auditing an application that uses AES-GCM but concatenates ciphertexts produced over time with the same key and a simple 32-bit integer nonce that rolls over. Explain the risks, how to demonstrate the exploitability of nonce reuse, and propose a safe remediation strategy suitable for a high-throughput service.
HardSystem Design
51 practiced
Design a secure audit logging architecture for cryptographic operations: key access, envelope encryption/decryption, key rotation, and admin operations. Ensure the audit trail preserves necessary forensic detail while protecting sensitive key material, supports tamper-evidence, and meets compliance requirements for retention and access control.

Unlock Full Question Bank

Get access to hundreds of Cryptography and Encryption Fundamentals interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.

30+ Cryptography and Encryption Fundamentals Interview Questions & Answers (2026) | InterviewStack.io