CISSP Practice question #20

An attacker gets access to our hashed passwords, which we haven’t used salting or nonces on. Why is this a problem?
A: The attacker can circumvent clipping levels.
B: It isn’t a problem, hashes are one-way functions and can’t be reversed.
C: Because the attacker now knows our encryption keys.
D: The attacker can now reverse the hash to the real password by hashing the hash he stole.

CBK 5: Identity and Access Management
A: If an attacker can get access to the file of hashed passwords, guessing can be done offline, rapidly testing candidate passwords against the true password’s hash value. This circumvents the clipping levels, because the guesses never go through the login system that enforces them. Stealing is always easier than decrypting.

