melissarosario1986
melissarosario1986 4d ago • 0 views

Multiple Choice Questions on Salting, Hashing, and Password Security

Hey everyone! 👋 Diving deep into cybersecurity today with a focus on how passwords are kept safe. We're talking about salting and hashing – super important concepts for anyone interested in computer science or digital security. Get ready to test your knowledge with some multiple-choice questions! 🔐
💻 Computer Science & Technology
🪄

🚀 Can't Find Your Exact Topic?

Let our AI Worksheet Generator create custom study notes, online quizzes, and printable PDFs in seconds. 100% Free!

✨ Generate Custom Content

1 Answers

✅ Best Answer
User Avatar

📚 Quick Study Guide: Salting, Hashing & Password Security Fundamentals

  • 🔒 Hashing: A one-way cryptographic function that transforms an input (e.g., a password) into a fixed-size string of characters, known as a hash value or message digest. It's designed to be irreversible, meaning you cannot reconstruct the original password from its hash.
  • 🧂 Salting: The process of adding a unique, random string of data (the "salt") to a password *before* it is hashed. This salt is stored alongside the hash. Salting prevents dictionary attacks and rainbow table attacks by ensuring that identical passwords produce different hash values for different users or even for the same user over time.
  • 🛡️ Password Security: Best practices include never storing passwords in plaintext. Instead, store their salted and hashed versions. Use strong, adaptive hashing algorithms like bcrypt, scrypt, or Argon2, which are designed to be computationally intensive and resistant to brute-force attacks.
  • 🌈 Rainbow Tables: Precomputed tables containing hash values for a vast number of potential passwords. Attackers use these to quickly find the original password from a stolen hash. Salting effectively nullifies rainbow tables because the added salt makes each password's hash unique, requiring a separate rainbow table for every possible salt value.
  • 💥 Hash Collisions: Occur when two different inputs produce the exact same hash output. While rare for strong cryptographic hash functions, they are theoretically possible. Good hash functions are designed to minimize the probability of collisions.
  • ⚙️ Adaptive Hashing Algorithms: Modern algorithms (e.g., bcrypt, scrypt, Argon2) are designed to be slow and resource-intensive, making brute-force attacks much harder. They allow for a "work factor" or "cost factor" to be adjusted, increasing the computational effort required to compute a hash as hardware improves.

🧠 Practice Quiz: Test Your Password Security Knowledge

  1. What is the primary characteristic of a cryptographic hash function?
    A) It is easily reversible to retrieve the original input.
    B) It produces a variable-length output based on the input length.
    C) It is a one-way function, difficult to reverse, and produces a fixed-size output.
    D) It encrypts data, requiring a key for decryption.
  2. What is the main purpose of "salting" passwords before hashing them?
    A) To make the hash value shorter and more efficient to store.
    B) To add complexity to the password itself, making it harder to guess.
    C) To prevent rainbow table attacks and ensure unique hashes for identical passwords.
    D) To encrypt the password, making it unreadable without a key.
  3. How does salting help protect against rainbow table attacks?
    A) It encrypts the rainbow table, making it unusable.
    B) It makes the hashing process faster, thus overwhelming the attacker.
    C) It ensures that even identical passwords produce unique hash values, rendering precomputed tables useless.
    D) It automatically changes the user's password if a rainbow table attack is detected.
  4. Which of the following is considered a severe security vulnerability when storing user passwords?
    A) Storing passwords as salted hashes using bcrypt.
    B) Storing passwords as plain text in a database.
    C) Storing passwords as hashes without salt.
    D) Storing passwords encrypted with a strong key.
  5. Why are adaptive hashing algorithms like bcrypt or Argon2 preferred over simpler algorithms like MD5 or SHA-1 for password storage?
    A) They are much faster, allowing for quicker authentication.
    B) They produce shorter hash outputs, saving storage space.
    C) They are designed to be computationally intensive and adjustable, making brute-force attacks harder.
    D) They inherently include salting, so no separate salt is needed.
  6. Which property of a cryptographic hash function implies that it's computationally infeasible to find two different inputs that produce the same hash output?
    A) Pre-image resistance
    B) Second pre-image resistance
    C) Collision resistance
    D) Avalanche effect
  7. Where should the salt be stored in relation to the password hash?
    A) The salt should be kept secret on a separate server.
    B) The salt should be embedded within the password itself.
    C) The salt should be stored publicly and separately from the hash.
    D) The salt should be stored alongside the corresponding password hash in the database.
Click to see Answers

1. C
2. C
3. C
4. B
5. C
6. C
7. D

Join the discussion

Please log in to post your answer.

Log In

Earn 2 Points for answering. If your answer is selected as the best, you'll get +20 Points! 🚀