312-50V11 · Question #144
In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?
The correct answer is C. Salting. Salting is the technique of appending or prepending a random string to a password before hashing it, protecting against precomputed attacks like rainbow tables.
Question
In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?
Options
- AKeyed Hashing
- BKey Stretching
- CSalting
- DDouble Hashing
How the community answered
(27 responses)- A4% (1)
- C89% (24)
- D7% (2)
Why each option
Salting is the technique of appending or prepending a random string to a password before hashing it, protecting against precomputed attacks like rainbow tables.
Keyed Hashing (e.g., HMAC) incorporates a secret key into the hashing algorithm itself, which is a different mechanism than adding a random string to the password input.
Key Stretching techniques such as bcrypt or PBKDF2 increase the computational cost of hashing by iterating the hash function many times, but they do not define the act of adding a random string to the password.
Salting adds a unique, randomly generated string of characters to each password before the hash is computed, ensuring that two identical passwords produce different hash values. This defeats rainbow table and precomputed hash attacks because attackers would need a separate table for every possible salt. The salt is typically stored alongside the hash in the credential store.
Double Hashing applies a hash function to the result of a previous hash operation and does not involve adding any random characters to the original password.
Concept tested: Password salting to prevent precomputed hash attacks
Source: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
Topics
Community Discussion
No community discussion yet for this question.