Why hash and salt passwords, and which algorithms are preferred?


Multiple Choice

Why hash and salt passwords, and which algorithms are preferred?

Explanation:
Hashing and salting passwords protects credentials even if the password database is exposed. Hashing turns a password into a fixed-length value, and salting adds a unique random value to each password before hashing so identical passwords don’t produce the same hash. This defeats rainbow tables and forces attackers to crack each password individually, increasing the effort and time required.

The preferred algorithms are Argon2, bcrypt, or scrypt because they are designed to be slow and resistant to GPU- and ASIC-based cracking, with built-in support for salts and adjustable work factors. They intentionally use memory-hardness and computational cost to make offline attacks impractical as hardware improves.

Killer flaws in the other options: they describe aims like speeding up login or compressing data, which aren’t what password storage needs, and they recommend algorithms (MD5, SHA-1, AES, DES, RC4) that are fast or obsolete and don’t provide proper protection for passwords.

