EC-Council
312-50V9 · Question #100
312-50V9 Question #100: Real Exam Question with Answer & Explanation
The correct answer is A: SHA1. When password hashes are obtained, knowing the specific hashing algorithm used allows an attacker to perform targeted brute-force or rainbow table attacks against those hashes.
Question
After gaining access to the password hashes used to protect access to a web-based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?
Options
- A. SHA1
- B. Diffie-Hellman
- C. RSA
- D. AES
Explanation
SHA1 is the only hash function among the four options. When password hashes are obtained, knowing the specific hashing algorithm used allows an attacker to perform targeted brute-force or rainbow table attacks against those hashes.
Common mistakes.
- B. Diffie-Hellman is a key exchange protocol used to establish shared secrets, not a password hashing algorithm, so it would not be involved in protecting stored credentials.
- C. RSA is an asymmetric encryption algorithm used for digital signatures and key exchange, not for hashing or storing passwords.
- D. AES is a symmetric encryption cipher, not a hashing function, and is not typically used to create password digests stored in web applications.
Concept tested. Password hash cracking using known hashing algorithms
Reference. https://owasp.org/www-community/attacks/Password_Cracking