Salting passwords helps protect against which type of attack?


Multiple Choice

Salting passwords helps protect against which type of attack?

Explanation:
Salting adds random data to each password before hashing, so the value that gets hashed is the password combined with the salt. Rainbow tables are precomputed lists of password-hash pairs built for a specific, fixed hash input. When every password is salted with a unique value, those precomputed tables no longer match, because the same password produces a different hash under each salt. To crack salted hashes, an attacker would have to generate new rainbow tables for each possible salt, which is impractical, so rainbow-table attacks become ineffective.

Hashing is still needed; the salt is not a replacement for hashing and does not remove the need to hash passwords. The salt also doesn't make the passwords themselves longer in any way that matters for security; it is extra data stored alongside the hash, while the actual password length remains unchanged. Finally, salting does not guarantee that brute-force attempts will fail; it raises the work factor by requiring per-user computations, but a determined attacker can still brute-force a password given enough time and resources.

