312-50V11 · Question #339
How does an operating system protect the passwords used for account logins?
The correct answer is A. The operating system performs a one-way hash of the passwords.. Operating systems protect passwords by storing a one-way cryptographic hash rather than the plaintext password, making it computationally infeasible to reverse the stored value.
Question
How does an operating system protect the passwords used for account logins?
Options
- AThe operating system performs a one-way hash of the passwords.
- BThe operating system stores the passwords in a secret file that users cannot find.
- CThe operating system encrypts the passwords, and decrypts them when needed.
- DThe operating system stores all passwords in a protected segment of non-volatile memory.
How the community answered
(58 responses)- A93% (54)
- B2% (1)
- C3% (2)
- D2% (1)
Why each option
Operating systems protect passwords by storing a one-way cryptographic hash rather than the plaintext password, making it computationally infeasible to reverse the stored value.
A one-way hash function (such as bcrypt, SHA-2, or PBKDF2) transforms the password into a fixed-length digest that cannot be mathematically reversed. During login, the OS hashes the entered password and compares it to the stored hash - the plaintext password is never stored or transmitted. This ensures that even if the hash database is stolen, attackers cannot trivially recover the original passwords.
Storing passwords in a secret file relies only on obscurity and access controls rather than cryptographic protection, and an attacker with sufficient privileges or a path traversal vulnerability could locate and read the file directly.
Symmetric encryption is reversible with the decryption key, meaning a compromised key or algorithm weakness would expose all stored passwords, whereas one-way hashing provides stronger protection because no decryption step exists.
Storing passwords in protected non-volatile memory provides physical and access-control protection but does not prevent exposure if that memory region is read by privileged processes or through hardware-level attacks.
Concept tested: One-way password hashing for credential storage
Source: https://learn.microsoft.com/en-us/windows-server/security/windows-authentication/credentials-processes-in-windows-authentication
Topics
Community Discussion
No community discussion yet for this question.