nerdexam
EC-Council

312-50V11 · Question #144

In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

The correct answer is C. Salting. Salting is the technique of appending or prepending a random string to a password before hashing it, protecting against precomputed attacks like rainbow tables.

Cryptography

Question

In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

Options

  • AKeyed Hashing
  • BKey Stretching
  • CSalting
  • DDouble Hashing

How the community answered

(27 responses)
  • A
    4% (1)
  • C
    89% (24)
  • D
    7% (2)

Why each option

Salting is the technique of appending or prepending a random string to a password before hashing it, protecting against precomputed attacks like rainbow tables.

AKeyed Hashing

Keyed Hashing (e.g., HMAC) incorporates a secret key into the hashing algorithm itself, which is a different mechanism than adding a random string to the password input.

BKey Stretching

Key Stretching techniques such as bcrypt or PBKDF2 increase the computational cost of hashing by iterating the hash function many times, but they do not define the act of adding a random string to the password.

CSaltingCorrect

Salting adds a unique, randomly generated string of characters to each password before the hash is computed, ensuring that two identical passwords produce different hash values. This defeats rainbow table and precomputed hash attacks because attackers would need a separate table for every possible salt. The salt is typically stored alongside the hash in the credential store.

DDouble Hashing

Double Hashing applies a hash function to the result of a previous hash operation and does not involve adding any random characters to the original password.

Concept tested: Password salting to prevent precomputed hash attacks

Source: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html

Topics

#salting#password hashing#cryptographic salt#password protection

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice