
Exam PT0-002 topic 1 question 340 discussion

Actual exam question from CompTIA's PT0-002
Question #: 340
Topic #: 1

A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code:

import hashlib
salt = b'saltl23'  # fixed salt shared by every user
hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt, 10000)  # plaintext must be bytes

The penetration tester recommended the code be updated to the following:

import hashlib
import os
salt = os.urandom(32)  # fresh random salt per password; store it alongside the hash
hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt, 10000)

Which of the following steps should the penetration tester recommend?

  • A. Changing passwords that were created before this code update
  • B. Storing hashes created by both methods for compatibility
  • C. Rehashing all old passwords with the new code
  • D. Updating the SHA-256 algorithm to something more secure
Suggested Answer: A
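The following is an added example (not part of the exam question or any commenter's post) that shows why the fixed salt is a problem and how a migration from the old code to the new code can only happen when the plaintext is available again, i.e. at the user's next successful login or a password change. The record layout (a dict with `scheme`, `salt`, `hash`) and the function names are assumptions made for this example; the salt value, algorithm and iteration count are the ones from the question.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 10000          # iteration count from the question
LEGACY_SALT = b'saltl23'    # the hard-coded salt from the original code


def hash_legacy(plaintext: bytes) -> bytes:
    """Original scheme: every user shares one fixed salt."""
    return hashlib.pbkdf2_hmac('sha256', plaintext, LEGACY_SALT, ITERATIONS)


def hash_new(plaintext: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Recommended scheme: a fresh 32-byte random salt per password.
    The salt must be stored next to the hash, or the hash can never be checked."""
    if salt is None:
        salt = os.urandom(32)
    return salt, hashlib.pbkdf2_hmac('sha256', plaintext, salt, ITERATIONS)


# Assumed storage record (constructed for this example):
#   {'scheme': 'legacy', 'salt': None,   'hash': <bytes>}   written by the old code
#   {'scheme': 'v2',     'salt': <bytes>, 'hash': <bytes>}  written by the new code

def legacy_record(plaintext: bytes) -> dict:
    return {'scheme': 'legacy', 'salt': None, 'hash': hash_legacy(plaintext)}


def new_record(plaintext: bytes) -> dict:
    salt, digest = hash_new(plaintext)
    return {'scheme': 'v2', 'salt': salt, 'hash': digest}


def verify_and_migrate(record: dict, plaintext: bytes) -> Tuple[bool, dict]:
    """Check a password against a stored record.

    Returns (is_valid, record_to_store). A legacy record that verifies is
    rehashed with a random salt on the spot, because this is the only moment
    the server holds the plaintext; a stored hash alone cannot be rehashed.
    """
    if record['scheme'] == 'legacy':
        ok = hmac.compare_digest(hash_legacy(plaintext), record['hash'])
        if ok:
            return True, new_record(plaintext)   # transparent upgrade at login
        return False, record
    _, digest = hash_new(plaintext, record['salt'])
    return hmac.compare_digest(digest, record['hash']), record


def shared_salt_reveals_duplicates(pw: bytes) -> Tuple[bool, bool]:
    """Two users with the same password: identical hashes under the fixed salt
    (so equal passwords are visible in a leaked table and one precomputed
    table covers every user), distinct hashes under per-user random salts."""
    legacy_same = legacy_record(pw)['hash'] == legacy_record(pw)['hash']
    new_same = new_record(pw)['hash'] == new_record(pw)['hash']
    return legacy_same, new_same


if __name__ == '__main__':
    # Constructed sample: one account created by the old code.
    stored = legacy_record(b'correct horse battery staple')
    ok, stored = verify_and_migrate(stored, b'correct horse battery staple')
    print('login ok:', ok, '| scheme now:', stored['scheme'])
    print('fixed salt collides / random salt collides:',
          shared_salt_reveals_duplicates(b'hunter2'))
```

The `shared_salt_reveals_duplicates` check is what a reviewer can run against a hash table to spot the fixed-salt pattern without any plaintext: repeated digests for different accounts. The migration branch in `verify_and_migrate` is why option A (forcing a change of pre-update passwords) or a login-time rehash is needed rather than option C as a batch job over the database.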

Comments

IamBlackFire
2 months, 1 week ago
Selected Answer: A
The penetration tester recommended the code be updated to use a random salt instead of a fixed salt for hashing passwords. Therefore, the penetration tester should recommend changing passwords that were created before this code update, so that they can be hashed with the new salt and be more secure. The other options are not valid steps that the penetration tester should recommend. Keeping hashes created by both methods for compatibility would defeat the purpose of updating the code, as it would leave some hashes vulnerable to attacks. Rehashing all old passwords with the new code would not work, as it would require knowing the plaintext passwords, which are not stored in the database. Replacing the SHA-256 algorithm with something more secure is not necessary, as SHA-256 is a secure and widely used hashing algorithm that has no known vulnerabilities or collisions.
upvoted 2 times
sparseyyy
2 months, 4 weeks ago
Selected Answer: A
Without the original plaintext passwords, it's impossible to rehash old passwords. You cannot reverse a hash to get the plaintext password, so users will need to reset their passwords.
upvoted 2 times
wdmssk
3 months, 2 weeks ago
A C is wrong: Without knowing the original plaintext password, rehashing old passwords is impossible.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other