nerdexam
EC-Council

312-50V10 · Question #144

In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

The correct answer is C. Salting. Salting is the cryptographic technique of appending or prepending a random string of characters to a password before hashing it, ensuring that identical passwords produce different hash values.

Cryptography

Question

In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

Options

  • AKeyed Hashing
  • BKey Stretching
  • CSalting
  • DDouble Hashing

How the community answered

(30 responses)
  • B
    3% (1)
  • C
    90% (27)
  • D
    7% (2)

Why each option

Salting is the cryptographic technique of appending or prepending a random string of characters to a password before hashing it, ensuring that identical passwords produce different hash values.

AKeyed Hashing

Keyed hashing (e.g., HMAC) incorporates a secret key into the hashing algorithm itself rather than adding a random string to the password input prior to hashing.

BKey Stretching

Key stretching (e.g., PBKDF2, bcrypt) increases the computational cost of hashing by applying the hash function many times in iteration, but does not describe adding random characters to the password.

CSaltingCorrect

A salt is a randomly generated value that is concatenated with a plaintext password before the hash function is applied. This ensures that even two users with the same password will have different stored hashes, effectively defeating precomputed rainbow table attacks and making brute-force efforts per-account rather than global.

DDouble Hashing

Double hashing applies a hash function twice to the password but does not involve adding any random string, leaving it still vulnerable to rainbow table attacks.

Concept tested: Password salting to prevent rainbow table attacks

Source: https://csrc.nist.gov/publications/detail/sp/800-132/final

Topics

#password salting#password hashing#rainbow table defense#credential protection

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice