nerdexam
EC-Council

312-50V11 · Question #326

After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

The correct answer is A. SHA1. SHA1 is a one-way hashing algorithm commonly used to hash passwords, making knowledge of it useful for cracking techniques like brute force or rainbow tables.

Cryptography

Question

After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

Options

  • ASHA1
  • BDiffie-Helman
  • CRSA
  • DAES

How the community answered

(30 responses)
  • A
    93% (28)
  • C
    3% (1)
  • D
    3% (1)

Why each option

SHA1 is a one-way hashing algorithm commonly used to hash passwords, making knowledge of it useful for cracking techniques like brute force or rainbow tables.

ASHA1Correct

SHA1 is a cryptographic hash function used to store password hashes. An attacker who obtains the hash file can use SHA1 knowledge to precompute rainbow tables or perform brute-force attacks, comparing hashed guesses against the stolen hashes to recover plaintext passwords. The other options are encryption or key exchange algorithms, not hashing algorithms used for password storage.

BDiffie-Helman

Diffie-Hellman is a key exchange protocol used to establish shared secrets, not a password hashing algorithm.

CRSA

RSA is an asymmetric encryption algorithm used for encryption and digital signatures, not for hashing passwords.

DAES

AES is a symmetric encryption cipher, not a hashing algorithm, and is not used to protect password storage in this context.

Concept tested: Password hashing algorithms and attack vectors

Source: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html

Topics

#password hashing#SHA1#hash cracking#web application authentication

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice