The most critical concepts to know about security and encryption for interviews. Learn security and encryption concepts and prepare for your computer science job interview with this quick interview preparation guide.
- Man-in-the-middle attack — an attacker intercepts and mutates private IP packets sent from client to server. Encryption and HTTPS protect against it.
- TLS Handshake — establishes a secure connection between client and server. The client sends a string of random bytes (client hello) -> the server sends another string of random bytes (server hello) plus its SSL Certificate with the public key -> the client verifies the certificate with the Certificate Authority and sends a premaster secret (a string of random bytes) encrypted with the public key -> client and server use the client hello, server hello and premaster secret to generate a session key, and encrypt all data during communication with it (using symmetric encryption).
- Symmetric Encryption — uses one key to encrypt and decrypt data. Faster than asymmetric encryption. Its standard algorithms are defined by the Advanced Encryption Standard (AES).
- Advanced Encryption Standard — standard symmetric encryption algorithms (AES-128, AES-192, AES-256).
- Asymmetric Encryption — uses a public and a private key to encrypt and decrypt. Data encrypted with the public key (which can be shared) may only be decrypted with the private key (which needs to be kept secure). Slower than symmetric encryption.
- HTTPS — secure connection. The server requires an SSL Certificate and uses TLS to communicate (encrypt data) between the server and its clients.
- TLS — transport layer security protocol built on top of TCP.
- SSL Certificate — a digital certificate granted to the server by a Certificate Authority. It contains the server's public key and is used to establish the TLS handshake in an HTTPS connection.
- Certificate Authority — an entity that verifies the source of the public key in a certificate.