312-50V10 · Question #144
In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?
The correct answer is C. Salting. Salting is the cryptographic technique of appending or prepending a random string of characters to a password before hashing it, ensuring that identical passwords produce different hash values.
Question
In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?
Options
- AKeyed Hashing
- BKey Stretching
- CSalting
- DDouble Hashing
How the community answered
(30 responses)- B3% (1)
- C90% (27)
- D7% (2)
Why each option
Salting is the cryptographic technique of appending or prepending a random string of characters to a password before hashing it, ensuring that identical passwords produce different hash values.
Keyed hashing (e.g., HMAC) incorporates a secret key into the hashing algorithm itself rather than adding a random string to the password input prior to hashing.
Key stretching (e.g., PBKDF2, bcrypt) increases the computational cost of hashing by applying the hash function many times in iteration, but does not describe adding random characters to the password.
A salt is a randomly generated value that is concatenated with a plaintext password before the hash function is applied. This ensures that even two users with the same password will have different stored hashes, effectively defeating precomputed rainbow table attacks and making brute-force efforts per-account rather than global.
Double hashing applies a hash function twice to the password but does not involve adding any random string, leaving it still vulnerable to rainbow table attacks.
Concept tested: Password salting to prevent rainbow table attacks
Source: https://csrc.nist.gov/publications/detail/sp/800-132/final
Topics
Community Discussion
No community discussion yet for this question.