Multiple Choice Questions on Password Hashing and Salting

📚 Quick Study Guide

• 🔑 Password Hashing: A one-way function that transforms a password into an unreadable string of characters, making it difficult to reverse engineer the original password.
• 🧂 Salting: Adding a unique, random string to each password before hashing. This prevents attackers from using pre-computed tables of common password hashes (rainbow tables).
• 🛡️ Salt Storage: Salts should be stored alongside the hashed passwords. Each password should have a unique salt.
• 💪 Strong Hashing Algorithms: Use modern, robust hashing algorithms such as Argon2, bcrypt, or scrypt. Avoid older, weaker algorithms like MD5 or SHA1.
• ⏱️ Key Derivation Functions (KDFs): Algorithms like PBKDF2 are designed to be computationally expensive, slowing down brute-force attacks. They often incorporate salting.
• 🔄 Iteration Count: The number of times the hashing algorithm is applied. Increasing the iteration count increases the time it takes to crack a password.

🧪 Practice Quiz

1. What is the primary purpose of password hashing?
   1. A. To encrypt passwords for easy decryption later.
   2. B. To transform passwords into an irreversible format for secure storage.
   3. C. To store passwords in plain text for easy access.
   4. D. To compress passwords to save storage space.
2. What is a 'salt' in the context of password security?
   1. A. A type of encryption algorithm.
   2. B. A random string added to each password before hashing.
   3. C. A storage location for passwords.
   4. D. A method to bypass password protection.
3. Why is salting important for password security?
   1. A. It allows passwords to be easily decrypted.
   2. B. It prevents rainbow table attacks.
   3. C. It makes passwords shorter.
   4. D. It is not important for password security.
4. Which of the following is a strong password hashing algorithm?
   1. A. MD5
   2. B. SHA1
   3. C. bcrypt
   4. D. CRC32
5. What is an iteration count in password hashing?
   1. A. The length of the salt.
   2. B. The number of times the hashing algorithm is applied.
   3. C. The version number of the hashing algorithm.
   4. D. The storage size for the hashed password.
6. Where should salts be stored?
   1. A. In a separate, highly secure database.
   2. B. Alongside the hashed passwords.
   3. C. In the application's source code.
   4. D. They should not be stored at all.
7. What is the purpose of Key Derivation Functions (KDFs) like PBKDF2?
   1. A. To quickly encrypt passwords.
   2. B. To make password cracking more computationally expensive.
   3. C. To store passwords in plain text.
   4. D. To bypass password authentication.