nerdexam
EC-Council

312-50V10 · Question #213

How can rainbow tables be defeated?

The correct answer is A. Password salting. Password salting defeats rainbow table attacks by appending a unique random value to each password before hashing, ensuring that precomputed hash chains cannot match any stored hash.

System Hacking

Question

How can rainbow tables be defeated?

Options

  • APassword salting
  • BUse of non-dictionary words
  • CAll uppercase character passwords
  • DLockout accounts under brute force password cracking attempts

How the community answered

(40 responses)
  • A
    95% (38)
  • B
    3% (1)
  • C
    3% (1)

Why each option

Password salting defeats rainbow table attacks by appending a unique random value to each password before hashing, ensuring that precomputed hash chains cannot match any stored hash.

APassword saltingCorrect

A rainbow table is a precomputed lookup table mapping hash values back to plaintext passwords. Salting appends a unique random string (the salt) to each password before hashing, so two users with identical passwords produce completely different hashes. Because the salt is unique per credential, an attacker would need to rebuild the entire rainbow table for every possible salt value, making the attack computationally infeasible.

BUse of non-dictionary words

Avoiding dictionary words protects against dictionary and brute-force attacks but does not prevent a rainbow table lookup if the hash of that complex password was precomputed.

CAll uppercase character passwords

Using all uppercase characters reduces the character set and is trivially accommodated by including uppercase variants in a rainbow table; it does not defeat the precomputed-table attack.

DLockout accounts under brute force password cracking attempts

Account lockout mitigates online brute-force attempts against a live authentication service but has no effect on offline rainbow table attacks against a stolen hash database.

Concept tested: Password salting to defeat rainbow table attacks

Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

Topics

#rainbow tables#password salting#password cracking#hash functions

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice