312-50V11 · Question #326
After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?
The correct answer is A. SHA1. SHA1 is a one-way hashing algorithm commonly used to hash passwords, making knowledge of it useful for cracking techniques like brute force or rainbow tables.
Question
After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?
Options
- ASHA1
- BDiffie-Helman
- CRSA
- DAES
How the community answered
(30 responses)- A93% (28)
- C3% (1)
- D3% (1)
Why each option
SHA1 is a one-way hashing algorithm commonly used to hash passwords, making knowledge of it useful for cracking techniques like brute force or rainbow tables.
SHA1 is a cryptographic hash function used to store password hashes. An attacker who obtains the hash file can use SHA1 knowledge to precompute rainbow tables or perform brute-force attacks, comparing hashed guesses against the stolen hashes to recover plaintext passwords. The other options are encryption or key exchange algorithms, not hashing algorithms used for password storage.
Diffie-Hellman is a key exchange protocol used to establish shared secrets, not a password hashing algorithm.
RSA is an asymmetric encryption algorithm used for encryption and digital signatures, not for hashing passwords.
AES is a symmetric encryption cipher, not a hashing algorithm, and is not used to protect password storage in this context.
Concept tested: Password hashing algorithms and attack vectors
Source: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
Topics
Community Discussion
No community discussion yet for this question.