Cryptographic failures occur when applications improperly implement cryptographic controls to protect sensitive information. These failures may result from weak algorithms, poor key management, improper certificate validation, insecure random number generation, missing encryption, or incorrect implementation of cryptographic protocols.

As modern applications increasingly rely on encryption to protect data at rest, data in transit, authentication tokens, and secrets, cybersecurity professionals must thoroughly understand cryptographic principles and common implementation mistakes. The following interview questions help experienced AppSec, VAPT, and security professionals prepare for technical interviews involving cryptographic failures.

1. What is a Cryptographic Failure?

Answer:
A cryptographic failure occurs when cryptographic mechanisms are absent, weak, incorrectly implemented, or improperly managed, resulting in exposure of sensitive information.

2. Why did OWASP rename Sensitive Data Exposure to Cryptographic Failures?

Answer:
The focus shifted from merely exposed data to identifying the root cause: incorrect cryptographic design, implementation, or management.

3. What is the difference between encryption and hashing?

Answer:
Encryption is reversible using a key, while hashing is a one-way operation designed to verify integrity.

Parameter	Encryption	Hashing
Purpose	Protect confidentiality of data	Verify integrity of data
Process	Converts plaintext into ciphertext	Converts input into a fixed-size hash value
Reversible	Yes, using a decryption key	No, one-way operation
Key Required	Yes, encryption and decryption keys are required	No key required for standard hashing
Output Size	Depends on input size	Fixed output size
Original Data Recovery	Possible through decryption	Not possible
Primary Use	Data confidentiality	Data integrity and password verification
Examples of Algorithms	AES, RSA, ChaCha20	SHA-256, SHA-512, SHA-3
Password Storage	Not recommended	Recommended using bcrypt, Argon2, or PBKDF2
Data Transmission	Used to protect data in transit and at rest	Used to verify that data has not changed
Attack Risks	Key compromise can reveal data	Collision attacks or brute-force attacks
Typical Applications	TLS, VPN, disk encryption, secure messaging	Password storage, file integrity, digital signatures
Output Example	AES(Hello) → 8F4A3D...	SHA-256(Hello) → 185F8D...
Security Goal	Confidentiality	Integrity
OWASP Relevance	Weak encryption causes cryptographic failures	Weak hashing can expose passwords

4. What is symmetric encryption?

Answer:
The same key is used for both encryption and decryption.

Examples:

• AES
• ChaCha20

5. What is asymmetric encryption?

Answer:
Different keys are used:

• Public key for encryption.
• Private key for decryption.

Examples:

• RSA
• ECC

6. What is AES?

Answer:
Advanced Encryption Standard is a symmetric encryption algorithm widely used to protect sensitive data. It is a symmetric block cipher used to encrypt and decrypt sensitive information. It was developed by the U.S. National Institute of Standards and Technology (NIST) and is widely used worldwide to protect data at rest and data in transit.

Algorithm	Key Size	Number of Rounds
AES-128	128 bits	10
AES-192	192 bits	12
AES-256	256 bits	14

7. What AES key sizes are commonly used?

Answer:

• AES-128
• AES-192
• AES-256

8. Why is DES insecure?

Answer:
DES (Data Encryption Standard) is considered insecure because it uses a 56-bit encryption key, which is too small to withstand modern brute-force attacks. With today's computing power, attackers can systematically try all possible keys and recover the plaintext within a practical amount of time.

9. Why should MD5 not be used?

Answer:
MD5 is vulnerable to collision attacks and should not be used for security purposes. Password databases hashed with MD5 can be cracked quickly. File integrity checks using MD5 can be bypassed. Digital certificates and signatures using MD5 can be forged.

10. Why is SHA-1 deprecated?

Answer:
Collision attacks have been demonstrated against SHA-1. In 2017, researchers demonstrated a practical collision attack known as SHAttered, proving that two different PDF files could generate the same SHA-1 hash. This showed that SHA-1 no longer provides adequate security for modern applications.

11. Which hashing algorithms are currently recommended?

Answer: Modern cryptographic applications require strong hashing algorithms that provide resistance against collision, preimage, and brute-force attacks. Older algorithms such as MD5 and SHA-1 are considered insecure and should not be used for security-sensitive applications.

• SHA-256
• SHA-384
• SHA-512

Algorithm	Recommended Use
SHA-256	File integrity, digital signatures, certificates
SHA-384	High-security applications
SHA-512	Digital signatures, cryptographic protocols
SHA-3	Next-generation hashing applications
Argon2id	Password storage
bcrypt	Password storage
PBKDF2	Password-based key derivation
scrypt	Password storage

12. What is salting?

Answer:
A random value added to passwords before hashing to prevent rainbow table attacks. Salting is the process of adding a unique random value, called a salt, to a password before hashing it. The salt ensures that even if two users have the same password, their stored password hashes will be different.

Without salting, identical passwords generate identical hashes, allowing attackers to use precomputed rainbow tables or identify users with the same passwords. By adding a unique salt to each password, these attacks become significantly more difficult.

Example:

Password: Password123

Salt: X7@k9P!

Combined value: Password123X7@k9P!

The combined value is then hashed and stored.

Benefits of Salting

• Prevents rainbow table attacks.
• Ensures identical passwords produce different hashes.
• Increases the difficulty of brute-force attacks.
• Protects against large-scale password database compromises.

Modern password hashing algorithms such as bcrypt, Argon2, and PBKDF2 automatically generate and store salts.

13. Why should passwords never be encrypted?

Answer:
Passwords should never be encrypted because encryption is a reversible process. Anyone who obtains the encryption key can decrypt and recover all stored passwords. During user authentication, applications do not need to know the original password; they only need to verify whether the entered password matches the stored value.

14. Which algorithms are suitable for password storage?

Answer:

• Argon2
• bcrypt
• PBKDF2
• scrypt

15. What is bcrypt?

Answer:
A password hashing algorithm that incorporates salting and configurable work factors. When a password is hashed using bcrypt:

• The resulting hash and salt are stored together.
• A unique random salt is automatically generated.
• The password and salt are combined.
• The bcrypt algorithm repeatedly processes the data according to the configured cost factor.

16. What is Argon2?

Answer:
Argon2 is a modern password hashing and key derivation algorithm specifically designed to securely store passwords and resist brute-force attacks. It was the winner of the Password Hashing Competition (PHC) in 2015 and is currently considered one of the strongest algorithms for password storage.

Unlike traditional hashing algorithms such as MD5 or SHA-1, Argon2 is memory-hard, meaning it requires both significant CPU resources and memory to compute the hash. This makes attacks using GPUs, ASICs, and parallel hardware much more expensive and difficult.

17. What is a digital certificate?

Answer:
A certificate binds a public key to an entity's identity.

18. What is TLS?

Answer:
Transport Layer Security protects data transmitted over networks.

19. What versions of TLS should be avoided?

Answer:

• SSL 2.0
• SSL 3.0
• TLS 1.0
• TLS 1.1

20. Why is certificate validation important?

Answer:
Certificate validation is the process of verifying that a digital certificate is authentic, trusted, valid, and belongs to the intended server or entity. Proper certificate validation ensures that users are communicating with a legitimate server and not an attacker.

21. What is certificate pinning?

Answer:
The application trusts only specific certificates or public keys.

22. What is Perfect Forward Secrecy?

Answer:
Compromise of long-term keys does not compromise previous sessions.

23. What is key management?

Answer:
Processes involving:

• generation
• storage
• distribution
• rotation
• destruction

24. Why is hardcoded cryptographic material dangerous?

Answer:
Hardcoded cryptographic material refers to encryption keys, passwords, API keys, certificates, tokens, or secrets that are directly embedded within source code, configuration files, mobile applications, firmware, or binaries. Hardcoding sensitive information is dangerous because attackers can extract these secrets through reverse engineering, source code disclosure, or binary analysis.

Once a cryptographic key is exposed, attackers may:

• Decrypt sensitive data.
• Forge authentication tokens.
• Impersonate legitimate users.
• Access protected systems.
• Compromise all devices using the same key.

Example

String key = "MySecretKey123";

An attacker analyzing the application can easily retrieve the key.

25. What is a Hardware Security Module?

Answer:
A Hardware Security Module (HSM) is a dedicated tamper-resistant hardware device designed to securely generate, store, manage, and use cryptographic keys. The keys remain inside the HSM and are never exposed to the host system in plaintext.

An HSM performs cryptographic operations such as:

• Key generation
• Encryption and decryption
• Digital signing
• Key wrapping
• Certificate management

Key Features

• FIPS 140-certified implementations.
• Physical tamper resistance.
• Secure key storage.
• Hardware-based cryptographic operations.
• Access control and auditing.

26. What is a TPM?

Answer:
A Trusted Platform Module (TPM) is a dedicated security chip that provides hardware-based security functions by securely storing cryptographic keys, certificates, passwords, and platform measurements.

A TPM establishes a hardware root of trust and supports security features such as:

• Secure key storage
• Platform integrity measurement
• Secure boot
• Disk encryption
• Device authentication
• Remote attestation

TPM Functions

• Protect secrets from software attacks.
• Generate cryptographic keys.
• Store keys securely.
• Measure boot components.

27. What is a Secure Element?

Answer:
A Secure Element (SE) is a tamper-resistant hardware component designed to securely store cryptographic keys, execute cryptographic operations, and protect sensitive information from physical and logical attacks.

Unlike a TPM, which primarily protects the platform, a Secure Element protects specific applications, identities, or credentials.

Secure Elements are commonly found in:

• Automotive systems
• Smart cards
• SIM cards
• Payment cards
• Smartphones
• IoT devices

28. What is entropy?

Answer:
Entropy in cryptography refers to the measure of randomness or unpredictability used to generate cryptographic values such as encryption keys, passwords, session tokens, initialization vectors, and nonces. Higher entropy means the generated values are more random and therefore more difficult for attackers to predict.

Strong cryptographic systems depend on high-quality entropy. If the randomness used during key generation is weak or predictable, attackers may be able to guess or reproduce cryptographic keys, compromising the entire security system.

Examples of Cryptographic Values Requiring Entropy

• Encryption keys
• Session IDs
• Password salts
• Nonces
• Initialization Vectors (IVs)
• One-time passwords

Example

Low entropy:

Password123
admin123
123456

High entropy:

A7$kP9!mQ2@xL8#

The second example is much harder to predict or brute force.

29. Why are weak random number generators dangerous?

Answer:
Weak random number generators (RNGs) are dangerous because they produce predictable or insufficiently random values, which can compromise the security of cryptographic systems. Cryptographic operations rely heavily on randomness to generate keys, session IDs, nonces, initialization vectors (IVs), salts, and authentication tokens.

If the generated values are predictable, attackers may be able to guess or reproduce them, leading to complete compromise of the security mechanism.

Cryptographic Values That Depend on RNGs

• Encryption keys
• Session tokens
• Password salts
• Initialization Vectors (IVs)
• Nonces
• One-time passwords
• API tokens

Example

Weak random numbers:

12345
12346
12347

Predictable values make it easier for attackers to guess future outputs.

Strong random numbers:

8F7A9C4D21B5E6F8

These values are difficult to predict.

30. What is a nonce?

Answer:
A nonce (Number Used Once) is a unique and random value that is generated for a single cryptographic operation or communication session. As the name suggests, a nonce should only be used once and never reused.

Nonces are primarily used to prevent replay attacks, where an attacker captures a valid message and retransmits it later to perform unauthorized actions.

During authentication or communication:

1. The server generates a unique nonce.
2. The client includes the nonce in its response.
3. The server verifies the nonce.
4. The nonce becomes invalid after use.

Example

Server → Nonce: 873452
Client → Login Request + Nonce
Server → Verify Nonce

If an attacker reuses the same message later, the server rejects it because the nonce has already been used.

31. What is an IV?

Answer:
An Initialization Vector (IV) is a random or unique value used along with an encryption key to add randomness to the encryption process. The IV ensures that the same plaintext encrypted multiple times with the same key produces different ciphertexts.

Without an IV, encrypting identical data with the same key would generate identical ciphertext, allowing attackers to identify patterns and potentially compromise the encrypted data.

Example

Suppose the plaintext is:

Password123

Using the same key without an IV:

Ciphertext = A1B2C3D4

Encrypting the same plaintext again:

Ciphertext = A1B2C3D4

An attacker can recognize that the plaintext is identical.

With a random IV:

IV1 + Key → Ciphertext A
IV2 + Key → Ciphertext B

The ciphertext changes even though the plaintext and key remain the same.

32. Why should ECB mode be avoided?

Answer:
ECB (Electronic Codebook) mode should be avoided because it encrypts identical plaintext blocks into identical ciphertext blocks when the same encryption key is used. As a result, patterns present in the original data remain visible in the encrypted output, which can leak sensitive information to attackers.

In ECB mode, each plaintext block is encrypted independently:

Plaintext Block 1 → Encrypt → Ciphertext Block 1
Plaintext Block 2 → Encrypt → Ciphertext Block 2

If two plaintext blocks are identical:

Block A = "PASSWORD"
Block B = "PASSWORD"

The resulting ciphertext blocks will also be identical:

Ciphertext A = 8F4A92C7
Ciphertext B = 8F4A92C7

An attacker observing the ciphertext can identify repeating patterns, even without knowing the encryption key.

33. What block cipher modes are recommended?

Answer: Modern cryptographic implementations should use secure block cipher modes that provide confidentiality and, preferably, integrity protection. The choice of block cipher mode is important because even a strong encryption algorithm such as AES can become insecure if used with an inappropriate mode.

The following block cipher modes are commonly recommended:

1. GCM (Galois/Counter Mode)

• Provides both encryption and authentication.
• Ensures confidentiality and integrity.
• Widely used in TLS 1.2 and TLS 1.3.
• Recommended for modern applications.

Example: AES-GCM

2. CBC (Cipher Block Chaining)

• Each plaintext block depends on the previous ciphertext block.
• Requires a random Initialization Vector (IV).
• Prevents pattern leakage seen in ECB mode.
• Still widely used in legacy systems.

Note: CBC provides confidentiality but requires additional mechanisms for integrity protection.

3. CTR (Counter Mode)

• Requires unique nonces or counters.
• Converts a block cipher into a stream cipher.
• Supports parallel processing.
• High performance.

34. What is authenticated encryption?

Answer:

Authenticated Encryption (AE) is a cryptographic technique that provides both confidentiality and integrity simultaneously. It not only encrypts the data to keep it confidential but also ensures that the data has not been modified or tampered with during storage or transmission.

Traditional encryption algorithms may protect confidentiality, but they do not always verify whether the ciphertext has been altered. Authenticated encryption solves this problem by generating an authentication tag along with the ciphertext.

During decryption:

1. The receiver verifies the authentication tag.
2. If the tag is valid, the data is decrypted.
3. If the tag verification fails, the data is rejected.

Example

Plaintext
     ↓
Encryption + Authentication
     ↓
Ciphertext + Authentication Tag
     ↓
Receiver verifies tag
     ↓
Successful decryption

If an attacker modifies even a single bit of the ciphertext, the authentication check fails and the data is rejected.

Common Authenticated Encryption Algorithms

• AES-GCM (Galois/Counter Mode)
• AES-CCM (Counter with CBC-MAC)
• ChaCha20-Poly1305

35. What is digital signing?

Answer:
Digital signing is a cryptographic process used to verify the authenticity, integrity, and non-repudiation of digital data. A digital signature proves that the data was created by the legitimate sender and has not been modified during transmission.

The sender generates a hash of the message and encrypts the hash using their private key. The recipient decrypts the signature using the sender's public key and compares the calculated hash with the received hash. If both values match, the message is considered authentic and unaltered.

Document
↓
Hash Generated
↓
Encrypted using Sender's Private Key
↓
Digital Signature

36. What is a replay attack?

Answer:
A replay attack occurs when an attacker captures a valid communication message and retransmits it later to gain unauthorized access or repeat a legitimate transaction. The attacker does not need to understand or modify the message; simply replaying it may achieve the desired result.

For example, an attacker captures a valid authentication token or payment request and resends it to the server. If the server does not verify freshness, timestamps, or nonces, it may process the request again.

37. What is a man-in-the-middle attack?

Answer:
A Man-in-the-Middle (MITM) attack occurs when an attacker secretly intercepts and potentially modifies communication between two parties without their knowledge. Both parties believe they are communicating directly, while the attacker sits between them.

38. What is key rotation?

Answer:
Key rotation is the process of periodically replacing cryptographic keys with new keys to reduce the risk of key compromise and limit the amount of data protected by a single key. Regular key rotation ensures that even if a key is exposed, the impact is limited to a specific period or dataset.

Over time, cryptographic keys may become vulnerable due to:

• Key compromise
• Insider threats
• Increased computational capabilities
• Long-term cryptanalysis
• Accidental exposure
• Regulatory requirements

How Key Rotation Works

• Obsolete keys are securely destroyed.
• A new cryptographic key is generated.
• New data is encrypted using the new key.
• Existing encrypted data may be gradually re-encrypted.
• Old keys are retained temporarily for decryption purposes.

39. What is envelope encryption?

Answer:
Envelope encryption is a cryptographic technique in which the actual data is encrypted using a Data Encryption Key (DEK), and the DEK itself is encrypted using a separate Key Encryption Key (KEK), also known as a master key.

This approach improves security and simplifies key management because the master key does not directly encrypt large amounts of data.

How Envelope Encryption Works

1. A random Data Encryption Key (DEK) is generated.
2. The DEK encrypts the sensitive data.
3. A Key Encryption Key (KEK) encrypts the DEK.
4. The encrypted data and encrypted DEK are stored together.
5. During decryption:
   • The KEK decrypts the DEK.
   • The DEK decrypts the data.

Example

Sensitive Data
↓
Encrypt using DEK
↓
Encrypted Data

DEK
↓
Encrypt using KEK
↓
Encrypted DEK

40. What is key escrow?

Answer:
Keys are stored with trusted entities for recovery. It is the practice of storing a copy of a cryptographic key with a trusted third party or secure escrow system so that the key can be recovered if the original key is lost, damaged, or unavailable.

In a key escrow system, the encryption key is securely deposited with an authorized entity, which can release the key only under predefined conditions such as:

• Authorized investigations
• Key loss or corruption
• Disaster recovery
• Business continuity requirements
• Legal or regulatory requirements

41. What is tokenization?

Answer:
Tokenization is a data protection technique in which sensitive information is replaced with a non-sensitive substitute value called a token. The token has no mathematical relationship to the original data and cannot be used to derive the original value.

The actual sensitive data is stored securely in a separate system known as a token vault, while applications and databases use the token instead of the real data.

Example

Original Credit Card Number:

4111 1111 1111 1111

After tokenization:

TKN-84F7A92C

The application stores and processes the token, while the actual credit card number remains protected in the secure vault.

42. What is data at rest encryption?

Answer:
Data at rest encryption is the process of encrypting data that is stored on physical or virtual storage media to protect it from unauthorized access. The data remains encrypted while stored and can only be accessed by authorized users or applications possessing the appropriate cryptographic keys.

Data at rest includes:

• Database records
• Files and documents
• Backup media
• Hard disks and SSDs
• Cloud storage
• Mobile device storage
• Log files

If an attacker gains access to the storage device, database, backup, or cloud storage, the encrypted data remains unreadable without the decryption key.

43. What is data in transit encryption?

Answer:
Data in transit encryption is the process of encrypting data while it is being transmitted between systems, applications, devices, or networks. The objective is to protect the confidentiality and integrity of the data from interception, eavesdropping, or modification by unauthorized parties.

Common Protocols Used

• TLS (Transport Layer Security)
• HTTPS
• SSH
• VPN protocols
• IPsec

44. What is end-to-end encryption?

Answer:
End-to-End Encryption (E2EE) is a security mechanism in which data is encrypted at the sender's device and can only be decrypted by the intended recipient. The encryption keys remain exclusively with the communicating parties, ensuring that intermediaries such as servers, service providers, network devices, or attackers cannot access the plaintext data.

In an E2EE system:

• Intermediate systems can only see the encrypted data.
• The sender encrypts the message using the recipient's public key.
• The encrypted message travels through servers or networks.
• The recipient decrypts the message using their private key.

45. How do APIs suffer cryptographic failures?

Answer: APIs can suffer from cryptographic failures when sensitive data is transmitted, stored, or processed without proper cryptographic protections. These weaknesses may expose authentication tokens, API keys, user credentials, or confidential business data to attackers.

Common cryptographic failures in APIs include:

• Insecure Random Number Generation: Predictable tokens or session identifiers.
• Missing TLS: APIs transmitting data over HTTP instead of HTTPS expose credentials and sensitive data to eavesdropping and man-in-the-middle attacks.
• Weak TLS Configuration: Supporting outdated protocols such as SSL, TLS 1.0, or weak cipher suites.
• Weak JWT Secrets: Using predictable or short signing keys allows attackers to forge tokens.
• Improper JWT Validation: Failure to validate signatures, expiration times, or accepted algorithms.
• Hardcoded API Keys and Secrets: Storing keys within source code, mobile applications, or client-side JavaScript.
• Sensitive Data Exposure: Sending passwords, tokens, or personal information in plaintext.
• Weak Password Hashing: Using MD5 or SHA-1 for credential storage.
• Improper Key Management: Failure to rotate, protect, or securely store cryptographic keys.

46. What is JWT signing?

Answer:
JWT signing is the process of applying a cryptographic signature to a JSON Web Token (JWT) to ensure its integrity and authenticity. The signature allows the server to verify that the token has not been modified after it was issued.

The signature is generated using:

• The JWT header
• The JWT payload
• A secret key or private key

47. Why is “alg:none” dangerous?

Answer:
"alg:none" is dangerous because it disables JWT signature verification, allowing attackers to forge or modify tokens and potentially bypass authentication or authorization mechanisms.

48. What are common cryptographic findings during VAPT?

Answer:

• Weak TLS.
• Hardcoded keys.
• MD5 usage.
• Missing encryption.
• Weak passwords.

49. How do you test cryptographic implementations?

Answer: Testing cryptographic implementations involves verifying whether strong cryptographic algorithms, secure protocols, proper key management, and secure configurations are being used to protect sensitive information. The objective is to identify weaknesses that could lead to data exposure, unauthorized access, or cryptographic failures.

During a security assessment, the following areas are typically evaluated:

• Encryption Algorithms: Verify whether strong algorithms such as AES-256 are used and identify deprecated algorithms like DES, 3DES, RC4, MD5, or SHA-1.
• TLS Configuration: Assess supported SSL/TLS versions, cipher suites, and certificate configurations.
• Certificate Validation: Check certificate validity, expiration, trust chains, and hostname verification.
• Password Storage: Verify whether passwords are stored using secure hashing algorithms such as Argon2, bcrypt, or PBKDF2.
• Key Management: Review key generation, storage, rotation, and protection mechanisms.
• Random Number Generation: Ensure cryptographically secure random number generators are used.
• Data Protection: Verify encryption of sensitive data both at rest and in transit.
• Application Code Review: Examine hardcoded keys, secrets, initialization vectors, and insecure cryptographic APIs.
• API Security: Assess token signing, JWT validation, and secret management.

Common Testing Tools

• OpenSSL
• testssl.sh
• SSL Labs
• Burp Suite
• Wireshark
• Static code analysis tools

Typical Findings

• Insecure random number generation
• Weak TLS versions (SSL, TLS 1.0)
• Hardcoded encryption keys
• Use of MD5 or SHA-1
• Missing encryption of sensitive data
• Weak password hashing
• Improper certificate validation

50. What are the best practices to prevent cryptographic failures?

Answer:

• Use strong algorithms.
• Implement secure key management.
• Use approved libraries.
• Enable TLS 1.2/1.3.
• Rotate keys regularly.
• Protect secrets.
• Perform regular security reviews.