nerdexam
EC-Council

312-50V10 · Question #379

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?

The correct answer is D. Passwords stored using hashes are non-reversible, making finding the password much more. Hashing is appropriate for password storage because it is a one-way mathematical function - the original password cannot be derived from its hash output.

Cryptography

Question

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?

Options

  • AIt is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.
  • BIf a user forgets the password, it can be easily retrieved using the hash key stored by
  • CHashing is faster compared to more traditional encryption algorithms.
  • DPasswords stored using hashes are non-reversible, making finding the password much more

How the community answered

(40 responses)
  • B
    3% (1)
  • C
    3% (1)
  • D
    95% (38)

Why each option

Hashing is appropriate for password storage because it is a one-way mathematical function - the original password cannot be derived from its hash output.

AIt is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.

Hashing is not encryption and uses no key - it is a one-way mathematical function, so there is no key to obtain that would reveal the original password.

BIf a user forgets the password, it can be easily retrieved using the hash key stored by

Hashing is non-reversible by design, so the original password cannot be retrieved from the hash value - a forgotten password must be reset, not recovered.

CHashing is faster compared to more traditional encryption algorithms.

Computational speed is not the security rationale for password hashing - purpose-built algorithms like bcrypt are intentionally slow to resist brute-force attacks.

DPasswords stored using hashes are non-reversible, making finding the password much moreCorrect

Cryptographic hash functions are designed as one-way operations, meaning the hash output cannot be reversed to recover the original plaintext password. This non-reversibility ensures that even if a database of hashed passwords is compromised, attackers cannot directly obtain the original credentials without time-intensive brute-force or dictionary attacks.

Concept tested: One-way cryptographic hashing for password storage

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf

Topics

#password hashing#one-way function#non-reversible#credential storage

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice