How do I approach Software Engineering Fundamentals interview questions?

Software Engineering Fundamentals questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master software engineering fundamentals interviews.

What difficulty level is this interview question?

This is a medium difficulty Software Engineering Fundamentals question, commonly asked during Technical Screen rounds at Cloudflare.

What role is this question designed for?

This question is commonly asked for Software Engineer candidates at Cloudflare during technical interviews.

Design an encrypted key-value store with login | Cloudflare Interview Question

Q: Design an encrypted key-value store with login

This question evaluates a candidate's understanding of secure authentication, key management, and applied cryptography for encrypting data at rest within a user-scoped key–value store.

Prompt

Design a small key–value store that supports user login and ensures values are encrypted at rest using a user-provided password.

You may assume this is a standalone service/library (language-agnostic) and you can use standard cryptographic primitives from a library (you do not need to implement AES/SHA yourself).

Requirements

Authentication / login
- Users can register and then log in with a password.
- The system must not store plaintext passwords.
Encrypted-at-rest values
- put(key, value) stores the value such that if the database/file is leaked, values are not readable without the user’s password.
- get(key) returns the decrypted value for an authenticated user.
Basic API surface (suggested)
- Register(username, password)
- Login(username, password) -> session/token
- Put(session, key, value)
- Get(session, key) -> value
- Optional: Delete(session, key) / ListKeys(session)
Threat model / constraints
- Assume an attacker can obtain the underlying storage (DB/file) but not the running process memory.
- Consider common pitfalls (e.g., deterministic encryption, IV reuse, password hashing vs encryption keys).

What to provide

A high-level design (data model + flow) showing how you would store:
- user credentials
- encrypted values
- any metadata needed for decryption
A description of cryptographic choices and why they are safe.
Key edge cases (password change, corruption, wrong password, multi-user isolation).

Prompt

Design a small key–value store that supports user login and ensures values are encrypted at rest using a user-provided password.

You may assume this is a standalone service/library (language-agnostic) and you can use standard cryptographic primitives from a library (you do not need to implement AES/SHA yourself).

Requirements

Authentication / login

Users can register and then log in with a password.
The system must not store plaintext passwords.

Encrypted-at-rest values

put(key, value) stores the value such that if the database/file is leaked, values are not readable without the user’s password.
get(key) returns the decrypted value for an authenticated user.

Basic API surface (suggested)

Register(username, password)
Login(username, password) -> session/token
Put(session, key, value)
Get(session, key) -> value
Optional: Delete(session, key) / ListKeys(session)

Threat model / constraints

Assume an attacker can obtain the underlying storage (DB/file) but not the running process memory.
Consider common pitfalls (e.g., deterministic encryption, IV reuse, password hashing vs encryption keys).

Design an encrypted key-value store with login

Quick Overview

Prompt

Requirements

What to provide

Solution

Submit Your Answer to Earn 20XP

Design an encrypted key-value store with login

Quick Overview

Prompt

Requirements

What to provide

Solution

Submit Your Answer to Earn 20XP