CISSP Practice question #20

An attacker gets access to our hashed passwords, which we haven’t used salting or nonces on. Why is this a problem?
A: The attacker can circumvent clipping levels.
B: It isn’t a problem, hashes are one-way functions and can’t be reversed.
C: Because the attacker now knows our encryption keys.
D: The attacker can now reverse the hash to the real password by hashing the hash he stole.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: If an attacker can get access to the file of hashed passwords, guessing can be done offline, rapidly testing candidate passwords against the true password’s hash value. This will circumvent the clipping levels; stealing is always easier than decrypting it.


IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.
