nerdexam
(ISC)2

CISSP · Question #42

The birthday attack is MOST effective against which one of the following cipher technologies?

The correct answer is C. Cryptographic hash. The birthday attack exploits the mathematical probability that two inputs will produce the same hash output (a collision), making cryptographic hash functions its primary target.

Submitted by salim_om· Mar 5, 2026Security Architecture and Engineering

Question

The birthday attack is MOST effective against which one of the following cipher technologies?

Options

  • AChaining block encryption
  • BAsymmetric cryptography
  • CCryptographic hash
  • DStreaming cryptography

How the community answered

(59 responses)
  • A
    7% (4)
  • B
    2% (1)
  • C
    86% (51)
  • D
    5% (3)

Why each option

The birthday attack exploits the mathematical probability that two inputs will produce the same hash output (a collision), making cryptographic hash functions its primary target.

AChaining block encryption

Block cipher chaining modes (like CBC) are vulnerable to padding oracle and IV-reuse attacks, not birthday attacks, because their security depends on key secrecy and proper initialization rather than collision resistance.

BAsymmetric cryptography

Asymmetric cryptography is primarily threatened by attacks targeting the mathematical hardness of factoring large primes or discrete logarithm problems, not collision-finding as exploited by birthday attacks.

CCryptographic hashCorrect

The birthday attack is specifically designed to find collisions in cryptographic hash functions by leveraging the birthday paradox - the statistical likelihood that in a set of randomly chosen inputs, two will share the same hash output is higher than intuition suggests. Because hash functions are supposed to produce unique digests for unique inputs, finding a collision undermines integrity verification, digital signatures, and authentication. This attack is most dangerous against weaker hash algorithms like MD5 and SHA-1, where the output space is small enough to make collision searches computationally feasible.

DStreaming cryptography

Stream ciphers are vulnerable to key reuse and known-plaintext attacks because they XOR a keystream with plaintext, a fundamentally different structure that is not susceptible to collision-based birthday attack methodology.

Concept tested: Birthday attack vulnerability against cryptographic hash functions

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview

Topics

#birthday attack#cryptographic hash#collision

Community Discussion

No community discussion yet for this question.

Full CISSP Practice