Exam CS0-003 topic 1 question 109 discussion

Replacing MD5 with digital signatures is a significant change that involves implementing a different authentication mechanism, but with SHA-256 is more straightforward and effective solution to mitigate the vulnerability while minimizing disruption to the current system.

SHA-256 is collision attacks resistant

B is the right answer Explanation A hash collision occurs when two different inputs produce the same hash output. MD5 (Message Digest Algorithm 5) is known to be vulnerable to collisions, meaning attackers can create different files that result in the same MD5 hash. This can lead to security risks, as the system may wrongly accept a malicious file if it has the same hash as a legitimate one. To mitigate this vulnerability, replacing the MD5 hash algorithm with a stronger hash function, like SHA-256 (part of the SHA-2 family), is an effective solution. SHA-256 is much more resistant to collisions, making it harder for an attacker to forge a file that matches the hash of a legitimate one.

Had it not said "with the fewest changes to the current script and infrastructure?" I would absolutely say D. D would elliminate the positbilities of collisions in the future, but it also requires more changes to the script infrastructure than B. So based on specifically what is being asked I would say B

D. Replace the MD5 with digital signatures. Here's why: MD5 to Digital Signatures: Replacing MD5 with digital signatures is a more secure approach to verify the authenticity and integrity of files. Digital signatures provide a higher level of security and are less prone to collision attacks compared to hash functions like MD5. This change can be made within the script itself without major infrastructure changes. Few Changes: This option minimizes changes to the current script and infrastructure. It involves replacing the hashing mechanism within the script while keeping the overall architecture intact.

Seems correct This option involves changing the hash algorithm from the vulnerable MD5 to the more secure SHA-256. It addresses the hash collision vulnerability directly and doesn't require major changes to the existing infrastructure or script logic.