A security countermeasure that mitigates the impact of precomputed hash table attacks by adding a random value to plaintext input is called what?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

A security countermeasure that mitigates the impact of precomputed hash table attacks by adding a random value to plaintext input is called what?

Explanation:
Adding a random value to the input before hashing is done to defeat precomputed hash attacks, and this value is called a salt. The salt makes each hash unique, so even identical passwords produce different hashes. This stops an attacker from using a single rainbow table to crack many passwords at once, because they’d have to generate a new table for every possible salt. The salt is stored with the hash so the system can verify inputs by hashing with the same salt again. Pepper is a secret value added to the input, typically kept separate from the stored hash and not tied to a single user. It doesn’t provide per-user uniqueness like a salt does. A nonce is a value used once to prevent replay attacks, not for password hashing. An initialization vector is used in encryption to randomize ciphertext, not for hashing.

Adding a random value to the input before hashing is done to defeat precomputed hash attacks, and this value is called a salt. The salt makes each hash unique, so even identical passwords produce different hashes. This stops an attacker from using a single rainbow table to crack many passwords at once, because they’d have to generate a new table for every possible salt. The salt is stored with the hash so the system can verify inputs by hashing with the same salt again.

Pepper is a secret value added to the input, typically kept separate from the stored hash and not tied to a single user. It doesn’t provide per-user uniqueness like a salt does. A nonce is a value used once to prevent replay attacks, not for password hashing. An initialization vector is used in encryption to randomize ciphertext, not for hashing.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy