312-50V11 · Question #379
Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
The correct answer is D. Passwords stored using hashes are non-reversible, making finding the password much more. Hashing is appropriate for password storage because it is a one-way function - the original password cannot be mathematically recovered from the stored hash.
Question
Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
Options
- AIt is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.
- BIf a user forgets the password, it can be easily retrieved using the hash key stored by
- CHashing is faster compared to more traditional encryption algorithms.
- DPasswords stored using hashes are non-reversible, making finding the password much more
How the community answered
(32 responses)- B3% (1)
- C3% (1)
- D94% (30)
Why each option
Hashing is appropriate for password storage because it is a one-way function - the original password cannot be mathematically recovered from the stored hash.
Hashing is not encryption and does not use a cryptographic key - it is a keyless one-way transformation, so there is no key whose theft would allow direct reversal of hashes.
Because hashing is irreversible by design, the original password cannot be retrieved from the stored hash, which is why forgotten passwords must be reset rather than recovered.
Performance speed is not the security rationale for hashing passwords; in fact, intentionally slow hash functions like bcrypt are preferred precisely because speed would aid brute-force attacks.
Cryptographic hash functions are designed to be computationally irreversible, meaning even an attacker who obtains the entire password database cannot reverse a hash back to the original plaintext. This non-reversibility ensures that even in the event of a data breach, user passwords remain protected as long as the hash function and any salting mechanism are sound.
Concept tested: One-way cryptographic hashing for secure password storage
Source: https://pages.nist.gov/800-63-3/sp800-63b.html
Topics
Community Discussion
No community discussion yet for this question.