nerdexam
EC-Council

312-50V11 · Question #339

How does an operating system protect the passwords used for account logins?

The correct answer is A. The operating system performs a one-way hash of the passwords.. Operating systems protect passwords by storing a one-way cryptographic hash rather than the plaintext password, making it computationally infeasible to reverse the stored value.

System Hacking

Question

How does an operating system protect the passwords used for account logins?

Options

  • AThe operating system performs a one-way hash of the passwords.
  • BThe operating system stores the passwords in a secret file that users cannot find.
  • CThe operating system encrypts the passwords, and decrypts them when needed.
  • DThe operating system stores all passwords in a protected segment of non-volatile memory.

How the community answered

(58 responses)
  • A
    93% (54)
  • B
    2% (1)
  • C
    3% (2)
  • D
    2% (1)

Why each option

Operating systems protect passwords by storing a one-way cryptographic hash rather than the plaintext password, making it computationally infeasible to reverse the stored value.

AThe operating system performs a one-way hash of the passwords.Correct

A one-way hash function (such as bcrypt, SHA-2, or PBKDF2) transforms the password into a fixed-length digest that cannot be mathematically reversed. During login, the OS hashes the entered password and compares it to the stored hash - the plaintext password is never stored or transmitted. This ensures that even if the hash database is stolen, attackers cannot trivially recover the original passwords.

BThe operating system stores the passwords in a secret file that users cannot find.

Storing passwords in a secret file relies only on obscurity and access controls rather than cryptographic protection, and an attacker with sufficient privileges or a path traversal vulnerability could locate and read the file directly.

CThe operating system encrypts the passwords, and decrypts them when needed.

Symmetric encryption is reversible with the decryption key, meaning a compromised key or algorithm weakness would expose all stored passwords, whereas one-way hashing provides stronger protection because no decryption step exists.

DThe operating system stores all passwords in a protected segment of non-volatile memory.

Storing passwords in protected non-volatile memory provides physical and access-control protection but does not prevent exposure if that memory region is read by privileged processes or through hardware-level attacks.

Concept tested: One-way password hashing for credential storage

Source: https://learn.microsoft.com/en-us/windows-server/security/windows-authentication/credentials-processes-in-windows-authentication

Topics

#password hashing#one-way hash#OS password storage#credential protection

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice