Which technique involves adding random bits of data to a password before it is stored as a hash?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the EC-Council Certified Ethical Hacker (CEH) Exam. Use flashcards and multiple-choice questions with hints and explanations. Enhance your cyber security knowledge and get ready for the exam!

Multiple Choice

Which technique involves adding random bits of data to a password before it is stored as a hash?

Explanation:
Adding random data to a password before hashing is known as salting. The random value, called a salt, is unique for each password and is stored alongside the resulting hash. This ensures that even if two users have the same password, their hashes will be different, so precomputed rainbow tables can’t be reused. Because each password-hash pair uses its own salt, an attacker would have to compute hashes separately for every possible password with every salt, which greatly increases the effort required. Encryption isn’t used for password storage because it’s reversible, whereas hashing (with a salt) aims to store a one-way representation. Hashing without a salt leaves you vulnerable to rainbow table attacks. Key stretching, while related in practice to slowing down attackers by increasing computation (and often involving a salt), is a separate technique focused on making hash computations intentionally slower. The technique described here is specifically salting.

Adding random data to a password before hashing is known as salting. The random value, called a salt, is unique for each password and is stored alongside the resulting hash. This ensures that even if two users have the same password, their hashes will be different, so precomputed rainbow tables can’t be reused. Because each password-hash pair uses its own salt, an attacker would have to compute hashes separately for every possible password with every salt, which greatly increases the effort required.

Encryption isn’t used for password storage because it’s reversible, whereas hashing (with a salt) aims to store a one-way representation. Hashing without a salt leaves you vulnerable to rainbow table attacks. Key stretching, while related in practice to slowing down attackers by increasing computation (and often involving a salt), is a separate technique focused on making hash computations intentionally slower. The technique described here is specifically salting.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy