Code Room
Code reviewHardcr-g443
Subject Crypto misuseLevel Senior–Staff~22 minCommon in Security interviewsIndustries Software development

Question

Review this Java field-encryption helper used to store PII columns.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to reviewjava
public class FieldCrypto {    private final SecretKey key; // AES-256, loaded from KMS     public FieldCrypto(SecretKey key) {        this.key = key;    }     public byte[] encrypt(byte[] plaintext) throws Exception {        Cipher c = Cipher.getInstance("AES");        c.init(Cipher.ENCRYPT_MODE, key);        return c.doFinal(plaintext);    }     public String encryptField(String value) throws Exception {        return Base64.getEncoder().encodeToString(encrypt(value.getBytes(StandardCharsets.UTF_8)));    }}
Run or narrate your approach, then ask the coach.