In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?
Salting is the correct answer because it involves adding a random string to a password before hashing to strengthen security. This technique effectively prevents precomputed hash attacks, making it a critical component of modern password protection strategies.
Salting is correct. Read the difference between Salting and Key Stretching on: https://library.mosse-institute.com/articles/2023/07/key-stretching-and-saltingm.html
It explains a lot.
Why not A?
From CompTIA Security+ SY0-601 Certification Guide:
"Key stretching is where you append a random set of characters to a password to increase the size of the password and its hash, ensuring that a brute-force attack needs more compute time to crack the password."
CORRECTION: cannot be D, because lengthening the key does not add a causal string to the password. Key stretching involves applying a cryptographic function repeatedly (thousands or millions of times) on the password and salt to make the hashing process much slower and computationally expensive.
CORRECT ANSWER: A.
Salting
Adds a random string of characters, called a "salt", to a password before hashing it. This makes each password unique and prevents attackers from:
Using dictionary lookups to see how popular passwords are hashed
Guessing the hash function to unlock a database of passwords
Key stretching
Lengthens the password by iterating the hash of the salted password. This makes it much more difficult for attackers to crack passwords using brute-force or precomputed tables.
D. Salting
Explanation:
Salting involves adding a random string (called a salt) to a password before it is hashed to prevent attackers from using precomputed hash databases (like rainbow tables) to crack the password. The random string (in this case, 36 characters) is unique and makes the password significantly harder to guess because it ensures that even if two users have the same password, their hashes will be different.
Key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key.
Salting does not add to the length of the password and does not stop attackers from brute-forcing the key as the salt is added after the password is submitted.
Tokenization and Data masking will not prevent brute-force attacks for the same reason. They are processes that don't alter a weak password.
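Added example, not part of any comment above: a Python sketch contrasting the two techniques the thread discusses. Salting is a random 36-character string mixed in before hashing; key stretching is iterating the hash, shown here with PBKDF2. The sample passwords, the iteration count and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this demo

def new_salt() -> str:
    # 27 random bytes encode to exactly 36 URL-safe characters
    return secrets.token_urlsafe(27)

def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: str) -> str:
    # Salting: a single hash over salt + password
    return hashlib.sha256((salt + password).encode()).hexdigest()

def stretched_hash(password: str, salt: str, iterations: int = ITERATIONS) -> str:
    # Key stretching: PBKDF2 repeats HMAC-SHA256 over password and salt
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return raw.hex()

def precomputed_table(candidates):
    # Stand-in for a precomputed (rainbow-style) table of unsalted hashes
    return {unsalted_hash(c): c for c in candidates}

def create_record(password: str) -> dict:
    # The salt is stored in the clear next to the hash; it is not a secret
    salt = new_salt()
    return {"salt": salt, "iterations": ITERATIONS,
            "hash": stretched_hash(password, salt)}

def verify(password: str, record: dict) -> bool:
    candidate = stretched_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])

def demo() -> dict:
    table = precomputed_table(["password", "123456", "letmein"])  # constructed list
    salt_a, salt_b = new_salt(), new_salt()
    hash_a, hash_b = salted_hash("letmein", salt_a), salted_hash("letmein", salt_b)
    return {
        "salt_length": len(salt_a),
        "unsalted_found": unsalted_hash("letmein") in table,
        "salted_found": hash_a in table,
        "same_password_same_hash": hash_a == hash_b,
    }

if __name__ == "__main__":
    print(demo())
```

The salt defeats the precomputed table and makes identical passwords hash differently, while the iteration count is what raises the cost of each guess.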