Question 368 - 312-50v12 discussion

How can rainbow tables be defeated?

A. Use of non-dictionary words
B. All uppercase character passwords
C. Password salting
D. Lockout accounts under brute force password cracking attempts
Suggested answer: C

Explanation:

https://en.wikipedia.org/wiki/Salt_(cryptography)

A salt is random data that is used as an additional input to a one-way function that hashes data, a password, or passphrase. Salts are used to safeguard passwords in storage. Historically a password was stored in plaintext on a system, but over time additional safeguards were developed to protect a user's password against being read from the system. A salt is one of those methods.

A new salt is randomly generated for each password. In a typical setting, the salt and the password (or its version after key stretching) are concatenated and processed with a cryptographic hash function, and the output hash value (but not the original password) is stored with the salt in a database. Hashing allows for later authentication without keeping and therefore risking exposure of the plaintext password in the event that the authentication data store is compromised.

Salts defend against a pre-computed hash attack, e.g. rainbow tables. Since salts do not have to be memorized by humans they can make the size of the hash table required for a successful attack prohibitively large without placing a burden on the users. Since salts are different in each case, they also protect commonly used passwords, or those users who use the same password on several sites, by making all salted hash instances for the same password different from each other.

asked 18/09/2024
franz yap
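
The effect described in the explanation, shown as an added example that is not part of the original page: a lookup table precomputed over unsalted SHA-256 hashes recovers an unsalted password but misses the same password once a per-password random salt is hashed with it. The wordlist, the function names and the use of a single SHA-256 pass (no key stretching) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample data: a tiny wordlist standing in for a precomputed table.
WORDLIST = ["password", "letmein", "qwerty", "dragon"]


def unsalted_hash(password: str) -> str:
    """Hash with no salt: every site storing this password stores the same value."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Return (salt, hash) as stored in the database; fresh 16-byte salt by default."""
    salt = secrets.token_bytes(16) if salt is None else salt
    # Salt and password are concatenated, then hashed. A real store would feed
    # this through a slow KDF; one SHA-256 pass isolates the effect of the salt.
    return salt, hashlib.sha256(salt + password.encode()).hexdigest()


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, stored)


# Built once, reusable against any database of unsalted SHA-256 hashes.
PRECOMPUTED = {unsalted_hash(w): w for w in WORDLIST}


def lookup(stored_hash: str) -> Optional[str]:
    """Return the password if the stored hash appears in the precomputed table."""
    return PRECOMPUTED.get(stored_hash)


def demo() -> dict:
    alice_salt, alice_hash = salted_record("letmein")
    _bob_salt, bob_hash = salted_record("letmein")  # same password, new salt
    return {
        "unsalted_recovered": lookup(unsalted_hash("letmein")),
        "salted_recovered": lookup(alice_hash),
        "same_password_same_hash": alice_hash == bob_hash,
        "alice_verifies": verify("letmein", alice_salt, alice_hash),
        "wrong_password_verifies": verify("qwerty", alice_salt, alice_hash),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```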