312-50V10 · Question #326
After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?
The correct answer is A. SHA1. SHA1 is a one-way hash function historically used to store password hashes, and knowing it enables offline attacks such as brute-force or rainbow table comparisons against stolen hashes.
Question
After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?
Options
- ASHA1
- BDiffie-Helman
- CRSA
- DAES
How the community answered
(57 responses)- A91% (52)
- B5% (3)
- C2% (1)
- D2% (1)
Why each option
SHA1 is a one-way hash function historically used to store password hashes, and knowing it enables offline attacks such as brute-force or rainbow table comparisons against stolen hashes.
SHA1 is a cryptographic hash function that web applications have used to hash and store user passwords. When an attacker obtains these hashes, knowledge of SHA1 allows them to run offline brute-force or rainbow table attacks by hashing candidate passwords with SHA1 and comparing the output to stored hashes, potentially recovering plaintext passwords and gaining access to the application.
Diffie-Hellman is a key exchange protocol used to establish a shared secret between two parties over an insecure channel and is not used to generate or crack password hashes.
RSA is an asymmetric encryption and digital signature algorithm used for secure data transmission and authentication, not for hashing or cracking stored passwords.
AES is a symmetric block cipher used for encrypting data at rest or in transit and does not produce the one-way hashes used to store passwords in web applications.
Concept tested: Password hashing algorithms and offline hash cracking
Source: https://csrc.nist.gov/projects/hash-functions
Topics
Community Discussion
No community discussion yet for this question.