nerdexam
EC-Council

312-50V11 · Question #379

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?

The correct answer is D. Passwords stored using hashes are non-reversible, making finding the password much more. Hashing is appropriate for password storage because it is a one-way function - the original password cannot be mathematically recovered from the stored hash.

Cryptography

Question

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?

Options

  • AIt is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.
  • BIf a user forgets the password, it can be easily retrieved using the hash key stored by
  • CHashing is faster compared to more traditional encryption algorithms.
  • DPasswords stored using hashes are non-reversible, making finding the password much more

How the community answered

(32 responses)
  • B
    3% (1)
  • C
    3% (1)
  • D
    94% (30)

Why each option

Hashing is appropriate for password storage because it is a one-way function - the original password cannot be mathematically recovered from the stored hash.

AIt is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.

Hashing is not encryption and does not use a cryptographic key - it is a keyless one-way transformation, so there is no key whose theft would allow direct reversal of hashes.

BIf a user forgets the password, it can be easily retrieved using the hash key stored by

Because hashing is irreversible by design, the original password cannot be retrieved from the stored hash, which is why forgotten passwords must be reset rather than recovered.

CHashing is faster compared to more traditional encryption algorithms.

Performance speed is not the security rationale for hashing passwords; in fact, intentionally slow hash functions like bcrypt are preferred precisely because speed would aid brute-force attacks.

DPasswords stored using hashes are non-reversible, making finding the password much moreCorrect

Cryptographic hash functions are designed to be computationally irreversible, meaning even an attacker who obtains the entire password database cannot reverse a hash back to the original plaintext. This non-reversibility ensures that even in the event of a data breach, user passwords remain protected as long as the hash function and any salting mechanism are sound.

Concept tested: One-way cryptographic hashing for secure password storage

Source: https://pages.nist.gov/800-63-3/sp800-63b.html

Topics

#password hashing#one-way functions#non-reversible hashing#password storage

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice