This is an information age, where data is your most valuable asset. This is true for everyone, whether you are an individual or an organization. Information and communication, therefore, are often well protected with the help of a method called cryptography.
These secure techniques for transferring information and communicating from one system or person to another are generally based on a set of mathematical concepts.
They use a variety of rule-based calculations, commonly called algorithms, which convert the message to be conveyed into a form that cannot be easily deciphered. Of course, some methods are more secure than others.
Experts use such algorithms to protect the privacy of your data, your browsing on the internet, and confidential transfers such as financial transactions and user and customer data.
If you are headed to an important interview where cryptography is either the main focus of the role or part of your responsibilities, here are some questions to help you out.
1. What is cryptography?
Ans. Cryptography is the process of transforming a message into a secret code so that only the intended recipient can read it.
It has been in use for centuries. However, with the invention of computers and their power to calculate faster than humans can do by hand, it became easier for people to break these codes. Therefore, modern cryptography usually relies on computers to generate codes that are nearly impossible to crack without knowing the original message.
The most famous example of cryptography is the Caesar cipher, where each letter in a message is shifted three letters down in the alphabet.
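The Caesar cipher named in the answer, as an added example in Go that is not part of the original article: the same shift function encrypts with a key of 3 and decrypts with -3, and because there are only 26 possible keys, the candidates function simply lists every possible decryption for an analyst to read, which is why the cipher gives no real protection today. The sample message is constructed for the demo.

```go
package main

import (
	"fmt"
	"strings"
)

// caesarShift shifts every ASCII letter in s by k positions (k may be
// negative); non-letters pass through unchanged. Encrypt with k=3,
// decrypt with k=-3. Case is preserved.
func caesarShift(s string, k int) string {
	k = ((k % 26) + 26) % 26 // normalise to 0..25
	var b strings.Builder
	for _, r := range s {
		switch {
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+rune(k))%26)
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+rune(k))%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// caesarCandidates returns all 26 possible decryptions of ct; index i is
// the result of undoing a shift of i. The key space is so small that no
// computation is needed to break the cipher: one just reads the list.
func caesarCandidates(ct string) []string {
	out := make([]string, 26)
	for i := range out {
		out[i] = caesarShift(ct, -i)
	}
	return out
}

func main() {
	pt := "MEET AT NOON" // constructed sample message
	ct := caesarShift(pt, 3)
	fmt.Println("ciphertext:", ct) // PHHW DW QRRQ
	for i, c := range caesarCandidates(ct) {
		fmt.Printf("undo shift %2d: %s\n", i, c)
	}
}
```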
2. Explain the CIA triad
Ans. The CIA refers to three main pillars that are used to guide Information Security policies, namely:
Confidentiality – Access to information, and the ability to read it, must be reserved for those authorized to do so. This requires information to be well encrypted, which ensures that even if data is hacked, it is not readable.
Integrity – This involves the process of ensuring that the data does not receive unauthorized entries or modifications. This includes making sure that a failed modification is reverted rather than leaving the data corrupted.
Availability – Data must be available to authorized personnel as and when they require it. This means backups, recoveries, and upgrades must be taken care of regularly.
3. Explain Encryption and Decryption
Ans. Encryption works to convert any data or information from an easily readable or understandable form to what appears to be nonsense or gibberish. The receiving party of this information would be required to unscramble this information. This unscrambling is what is referred to as decryption.
4. Differentiate between a public and private key
Ans. A public key is available to a group of people who may use it to decrypt information or data. This may even be available on public platforms or forums. On the other hand, a private key is only available to the person for whom the information is intended. Keys are a major part of the decryption process.
5. Describe Asymmetric and symmetric key systems.
Ans. Symmetric key systems make use of a private key, while asymmetric key systems use both private and public keys. Further, symmetric keys are used for public key infrastructure.
6. Name the mathematical algorithms most commonly used in symmetric cryptography.
Ans. The most used mathematical algorithms for symmetric cryptography are the following:
i. The Needham-Schroeder algorithm
ii. The Digital Encryption Standard algorithm (DES)
iii. The Triple-Digit Encryption Standard algorithm (3DES)
iv. The International Data Encryption Algorithm (IDEA)
v. The Advanced Encryption Standard algorithm (AES)
7. What is the role of digital certificates in Asymmetric encryption?
Ans. Asymmetric encryption requires a way to discover public keys. This is typically done with digital certificates that are included in a client-server communication model. The certificate, which is a package of information, identifies both the user and the server and can be used to identify the certificate holder.
8. What is a session key?
Ans. A session key usually helps secure communication between two parties. It is transmitted with each message between client and server, user and client, or two computers, and it is encrypted with the receiver’s public key.
9. What is RSA?
Ans. RSA is the name given to a public key algorithm that helps in key management or digital signatures in asymmetric encryption. Both 1024-bit and 2048-bit RSA keys are available and are used in addition to a public key for conveying encrypted messages.
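The public/private key roles from questions 4, 5 and 9, as an added Go example using only the standard library (not code from the original article): the key pair is generated once; the public half can be published anywhere and lets anyone encrypt a message for the owner or verify the owner's signatures, while the private half stays with the owner and is the only key that can decrypt those messages or produce those signatures. The 2048-bit size and the messages are chosen for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// generateKeyPair makes an RSA key pair. The private key never leaves its
// owner; the embedded public key can be published on any forum or in a
// certificate.
func generateKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// encryptFor lets anyone holding the public key encrypt a message that only
// the private-key holder can read (RSA-OAEP with SHA-256).
func encryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptWith is the private-key operation matching encryptFor.
func decryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// rsaSign signs the SHA-256 digest of msg with the private key (RSA-PSS).
func rsaSign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, d[:], nil)
}

// rsaVerify checks a signature with the public key; anyone can do this,
// but only the private-key holder could have produced a valid signature.
func rsaVerify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, nil) == nil
}

func main() {
	priv, err := generateKeyPair(2048) // one of the key sizes the answer mentions
	if err != nil {
		panic(err)
	}
	pub := &priv.PublicKey

	msg := []byte("constructed sample message") // constructed demo input
	ct, _ := encryptFor(pub, msg)
	pt, _ := decryptWith(priv, ct)
	fmt.Printf("decrypted: %q\n", pt)

	sig, _ := rsaSign(priv, msg)
	fmt.Println("signature valid:", rsaVerify(pub, msg, sig))
	fmt.Println("signature valid on altered message:", rsaVerify(pub, []byte("altered"), sig))

	// A different party's private key cannot decrypt what was encrypted for this one.
	other, _ := generateKeyPair(2048)
	_, err = decryptWith(other, ct)
	fmt.Println("decrypt with wrong private key failed:", err != nil)
}
```

OAEP and PSS are the padded, randomised modes; raw "textbook" RSA without them is deterministic and malleable and should not be used directly.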
10. Define Blowfish
Ans. Blowfish refers to an asymmetric block cipher that is quick but requires significant pre-processing whenever the key is changed.
11. What is FEAL?
Ans. The FEAL algorithm is a block cipher that is designed to be efficient in both software and hardware.
12. What are block ciphers?
Ans. Block ciphers are a type of symmetric-key encryption algorithm. They work by breaking up the message into blocks and encrypting each individual block of plaintext separately.
A block cipher applies keys and algorithms to blocks of data, as opposed to the individual bits that form a stream. Examples include AES-256 and 3DES.
13. What is a one-way hash function?
Ans. A one-way hash function is a mathematical algorithm that takes an input (usually of any length) and produces a fixed-length output.
This function is unidirectional, meaning that the input cannot be easily determined from the output. One-way hash functions are typically used to index data in databases or for error checking.
14. What are trapdoor functions?
Ans. Trapdoor functions are functions that can easily be computed in one direction but are quite time-consuming and difficult to invert. Performing the reverse calculation with ease is possible, but only with specific secret information (the "trapdoor").
15. What is the most obvious vulnerability in a standard Diffie Hellman exchange?
Ans. A man-in-the-middle attack.
16. What is the difference between SSL and HTTPS?
Ans. SSL refers to Secure Sockets Layer, the technology that keeps the internet safe. It safeguards all data sent between two systems.
HTTPS, or Hypertext Transfer Protocol Secure, is used by websites that are secured by an SSL certificate issued by an authority.
17. What are the main applications of hash functions?
Ans. A hash function can be used in any application that requires mapping arbitrarily sized data to fixed-size values.
18. What does collision refer to in hash functions?
Ans. When a hash function maps two different inputs to the same output (hash), this is called a collision.
19. What is salting?
Ans. Salting refers to the act of adding a random value to a password before it is hashed, so that the stored hash is obfuscated.
20. Why is salting used?
Ans. Since people tend to reuse passwords, an attacker with a list of common or stolen passwords has an easier job. A salt is a randomly generated value; adding it makes it unlikely that the resulting hash appears in a pre-calculated table.
21. What is a three-way handshake?
Ans. A three-way handshake is used in a TCP/IP network to establish a connection between a client (or localhost) and a server. The connection is established in three steps:
i. Client requests a connection to the server with a SYN message
ii. Server responds with SYN-ACK message
iii. Client then replies with ACK
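The three steps above as an added Go simulation (not from the original article), with both sides' segments and the checks each side performs on the sequence and acknowledgement numbers: the SYN-ACK must acknowledge exactly the client's initial sequence number plus one, and the final ACK must do the same for the server's. The segment type and the ISN values are constructed for the demo.

```go
package main

import (
	"errors"
	"fmt"
)

// segment is a cut-down TCP header: only the flags and numbers the handshake uses.
type segment struct {
	SYN, ACK bool
	Seq, Ack uint32
}

// Step i: the client opens with a SYN carrying its initial sequence number (ISN).
func clientSYN(isn uint32) segment {
	return segment{SYN: true, Seq: isn}
}

// Step ii: the server answers SYN-ACK, acknowledging the client's ISN+1 and
// announcing its own ISN.
func serverSYNACK(syn segment, serverISN uint32) (segment, error) {
	if !syn.SYN || syn.ACK {
		return segment{}, errors.New("expected a SYN")
	}
	return segment{SYN: true, ACK: true, Seq: serverISN, Ack: syn.Seq + 1}, nil
}

// Step iii: the client checks that the server acknowledged exactly its ISN+1
// (a reply carrying any other number does not belong to this connection) and
// acknowledges the server's ISN+1 in turn.
func clientACK(syn, synack segment) (segment, error) {
	if !synack.SYN || !synack.ACK || synack.Ack != syn.Seq+1 {
		return segment{}, errors.New("bad SYN-ACK")
	}
	return segment{ACK: true, Seq: syn.Seq + 1, Ack: synack.Seq + 1}, nil
}

// serverAccept performs the server's matching check on the final ACK.
func serverAccept(synack, ack segment) error {
	if ack.SYN || !ack.ACK || ack.Ack != synack.Seq+1 {
		return errors.New("bad ACK")
	}
	return nil
}

// handshake runs the three steps and returns the exchanged segments once
// both sides consider the connection established.
func handshake(clientISN, serverISN uint32) ([]segment, error) {
	syn := clientSYN(clientISN)
	synack, err := serverSYNACK(syn, serverISN)
	if err != nil {
		return nil, err
	}
	ack, err := clientACK(syn, synack)
	if err != nil {
		return nil, err
	}
	if err := serverAccept(synack, ack); err != nil {
		return nil, err
	}
	return []segment{syn, synack, ack}, nil
}

func main() {
	// Constructed ISNs; real stacks pick them unpredictably so that a third
	// party cannot guess the numbers needed to complete a handshake it did not see.
	trace, err := handshake(1000, 5000)
	if err != nil {
		panic(err)
	}
	for i, s := range trace {
		fmt.Printf("%d: SYN=%v ACK=%v seq=%d ack=%d\n", i+1, s.SYN, s.ACK, s.Seq, s.Ack)
	}
}
```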
22. What are rainbow tables?
Ans. Rainbow tables are pre-computed tables that consist of hash values matched to plaintext passwords. These can be used by hackers to match stolen hashes to probable passwords. This allows passwords to be cracked in less time but requires high storage capacity.
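The interplay of questions 13, 19, 20 and 22 as an added Go example (not code from the original article): a hash always has the same fixed length whatever the input; an unsalted hash of a common password is found immediately in a small precomputed lookup table, while the same password hashed with a random per-user salt is not, and two users with the same password get different hashes. The candidate list and password values are constructed for the demo; a real table would be far larger.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// hashPassword returns hex(SHA-256(salt || password)). The output is always
// 64 hex characters regardless of input length; with an empty salt it is the
// plain unsalted hash that anyone can precompute.
func hashPassword(salt []byte, password string) string {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return hex.EncodeToString(h.Sum(nil))
}

// newSalt draws 16 random bytes; each stored password gets its own salt,
// which is stored alongside the hash (it is not secret, just unique).
func newSalt() ([]byte, error) {
	s := make([]byte, 16)
	_, err := rand.Read(s)
	return s, err
}

// buildTable precomputes unsalted hashes for a candidate list: the idea
// behind a rainbow/lookup table, built once and reused against any leak.
func buildTable(candidates []string) map[string]string {
	t := make(map[string]string, len(candidates))
	for _, p := range candidates {
		t[hashPassword(nil, p)] = p
	}
	return t
}

// lookup reports whether a stored hash appears in the precomputed table.
func lookup(table map[string]string, storedHash string) (string, bool) {
	p, ok := table[storedHash]
	return p, ok
}

func main() {
	// Constructed candidate list standing in for a list of common passwords.
	table := buildTable([]string{"password", "123456", "letmein", "qwerty"})

	unsalted := hashPassword(nil, "letmein")
	if p, ok := lookup(table, unsalted); ok {
		fmt.Println("unsalted hash found in table:", p)
	}

	salt, err := newSalt()
	if err != nil {
		panic(err)
	}
	salted := hashPassword(salt, "letmein")
	_, ok := lookup(table, salted)
	fmt.Println("salted hash found in table:", ok) // false

	salt2, _ := newSalt()
	fmt.Println("same password, different salts, same hash:", salted == hashPassword(salt2, "letmein")) // false
}
```

A salt removes the precomputation advantage but does not make each individual guess slower; real password storage therefore uses a deliberately slow function such as bcrypt, scrypt, Argon2 or PBKDF2 with a high iteration count. Plain SHA-256 is used here only to keep the example within the standard library.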
23. What is MAC in terms of cryptography?
Ans. MAC, or Message Authentication Code, is used to check the integrity or authenticity of a message; in networking, the same acronym refers to a media access control device.
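A message authentication code in practice, as an added Go example that is not part of the original article: HMAC-SHA256 under a shared key is computed by the sender and recomputed by the receiver, and any change to the message or use of a different key makes the tags differ. The key and message are the published RFC 4231 test vectors, so the expected tag is known; the comparison uses a constant-time function so the check itself does not leak timing information about the tag.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// computeMAC returns the HMAC-SHA256 tag of msg under key. Without the key
// nobody can produce a valid tag, so a matching tag shows the message came
// from a key holder and was not altered on the way.
func computeMAC(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// verifyMAC recomputes the tag and compares it in constant time; a plain
// bytes.Equal would stop at the first differing byte and leak timing.
func verifyMAC(key, msg, tag []byte) bool {
	return hmac.Equal(computeMAC(key, msg), tag)
}

func main() {
	key := []byte("Jefe") // RFC 4231 test case 2 key and message
	msg := []byte("what do ya want for nothing?")
	tag := computeMAC(key, msg)
	fmt.Println("tag:", hex.EncodeToString(tag))
	fmt.Println("valid:", verifyMAC(key, msg, tag))
	fmt.Println("valid after tampering:", verifyMAC(key, []byte("what do ya want for everything?"), tag))
	fmt.Println("valid under wrong key:", verifyMAC([]byte("other"), msg, tag))
}
```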
24. What are some applications of cryptography in today’s world?
Ans. Some common applications are:
i. Card payments
ii. Computer and other passwords
iii. Online shopping
iv. Protocol design
v. Data validation
25. Why does data need cryptography?
Ans. There are many risks to data in today’s world. Attackers could easily obtain data about your financial transactions, bank details, and so on from your devices. Organizations could suffer huge reputational and financial damage. A lot of customer data is at stake as well. These are the key reasons cryptography is a crucial part of data security and should always be included.
26. What kind of data can undergo cryptographic protections?
Ans. There is no limit on the kind of data that can be protected with cryptography. This includes personal financial papers, passwords, confidential information, defense applications, business data and strategies, and much more.
27. What is DSA?
Ans. DSA or digital signature algorithm offers instantaneous signature generation and information verification. It handles key sizes up to 1024 bits.
28. What are two signature schemes used in cryptography?
Ans. Two signature schemes are a special signature scheme and a blind signature scheme.
29. Why is SSL not enough for encryption?
Ans. SSL only protects your data while it is in transit. Once it reaches the receiver, the data is no longer protected. Also, SSL does not encrypt your data, which can be a vulnerability when it comes to handling metadata. This allows a potential attacker to build a user profile and map the network.
30. Name some kinds of block cipher modes of operations.
Ans. Some earlier methods that provided confidentiality without taking integrity into account were ECB, CBC, OFB, and XTS. The latest, MAC, makes up for what they could not provide.
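The block-cipher modes of questions 12 and 30 as an added Go example using AES-256 from the standard library (not code from the original article). It shows the two properties the answer alludes to: ECB encrypts every block independently, so a repetitive plaintext produces visibly repeated ciphertext blocks, whereas CBC chains blocks under a random IV and hides the pattern; and neither mode provides integrity, so a ciphertext altered in transit still decrypts without error, which is exactly the gap a MAC over the ciphertext closes. The key and plaintext are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// pkcs7Pad / pkcs7Unpad make the plaintext a whole number of 16-byte blocks.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// ecbEncrypt applies the block cipher to each block on its own, so equal
// plaintext blocks give equal ciphertext blocks (ECB's pattern leak).
func ecbEncrypt(key, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt = pkcs7Pad(pt)
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		blk.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct, nil
}

// cbcEncrypt chains blocks under a fresh random IV, which is returned as the
// first 16 bytes of the output.
func cbcEncrypt(key, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt = pkcs7Pad(pt)
	out := make([]byte, aes.BlockSize+len(pt))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(blk, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], pt)
	return out, nil
}

// cbcDecrypt undoes cbcEncrypt. It has no way of telling whether the
// ciphertext was modified in transit: CBC alone gives confidentiality only.
func cbcDecrypt(key, ct []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(blk, ct[:aes.BlockSize]).CryptBlocks(pt, ct[aes.BlockSize:])
	return pkcs7Unpad(pt)
}

// distinctBlocks counts distinct 16-byte blocks in ct; a low count on a
// repetitive input is the pattern leak made visible.
func distinctBlocks(ct []byte) int {
	seen := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])] = true
	}
	return len(seen)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key (AES-256)
	pt := bytes.Repeat([]byte("A"), 64)                 // four identical plaintext blocks
	ecb, _ := ecbEncrypt(key, pt)
	cbc, _ := cbcEncrypt(key, pt)
	fmt.Println("ECB distinct blocks:", distinctBlocks(ecb)) // 2: the repeated data block and the padding block
	fmt.Println("CBC distinct blocks:", distinctBlocks(cbc)) // 6: IV plus five chained blocks
	cbc[0] ^= 0x01 // flip one bit of the IV in transit
	got, err := cbcDecrypt(key, cbc)
	fmt.Println("tampered CBC decrypts without error:", err == nil, "plaintext unchanged:", bytes.Equal(got, pt)) // true false
}
```

The undetected change is why modern deployments either pair CBC with a MAC (encrypt-then-MAC, verified before decryption) or use an authenticated mode such as AES-GCM that combines both.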
These questions help you confidently face an interview on cryptography. This interesting field definitely has a lot of scope, and this quick refresher should leave you all set to ace that interview. Cryptography is a vast field, but if you were looking for the most commonly asked questions or wanted a quick brush-up before your big day, these questions should get you far.
31. What is a Pre-Shared Key?
Ans. In cryptography, pre-shared key encryption algorithms are a category of algorithms that use a shared key to encrypt messages. The sender and receiver must have knowledge of the shared key beforehand to decrypt the message.
This is why pre-shared key encryption algorithms are also called private-key encryption algorithms. Other types of key encryption, such as public-key encryption, don’t require pre-knowledge of the keys by both parties in order for the message to be decrypted.
32. What Is the Difference Between a Cryptographer and a Crypter?
Ans. A cryptographer is essentially someone who does cryptography, which means designing or analyzing any aspect of encryption. A crypter, on the other hand, is an individual trying to sneakily disguise malware as something else, such as a useful program, so that it can spread undetected.