Which term describes the process of making password-based keys more resistant to brute-force attacks by applying iterations of a hashing function?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which term describes the process of making password-based keys more resistant to brute-force attacks by applying iterations of a hashing function?

Explanation:
Key stretching is the technique of making password-based keys more resistant to brute-force attacks by applying the hashing function multiple times. By running the hash over the password (and often a unique salt) many times, each guess requires significantly more CPU/GPU work, which slows down attackers and makes large-scale guessing impractical. This deliberate delay is the core idea behind strengthening password hashes. Hashing alone is just a single pass and can be computed very quickly, so it’s not sufficient to deter brute-force attempts. Salting adds unique randomness to each password hash, which protects against precomputed attacks like rainbow tables, but on its own it doesn’t substantially increase the time an attacker spends guessing each password. Encryption, meanwhile, is a reversible process used to protect data, not to derive a secure hash from a password for storage.

Key stretching is the technique of making password-based keys more resistant to brute-force attacks by applying the hashing function multiple times. By running the hash over the password (and often a unique salt) many times, each guess requires significantly more CPU/GPU work, which slows down attackers and makes large-scale guessing impractical. This deliberate delay is the core idea behind strengthening password hashes.

Hashing alone is just a single pass and can be computed very quickly, so it’s not sufficient to deter brute-force attempts. Salting adds unique randomness to each password hash, which protects against precomputed attacks like rainbow tables, but on its own it doesn’t substantially increase the time an attacker spends guessing each password. Encryption, meanwhile, is a reversible process used to protect data, not to derive a secure hash from a password for storage.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy