Home › BCA Cyber Security › cybersecurity › Cybersecurity Fundamentals › A HASH FUNCTION (e.g. SHA-256) used for password…
A HASH FUNCTION (e.g. SHA-256) used for password storage should be
Areversible so passwords can be recovered
BFAST so login is quick
CONE-WAY (irreversible) and SLOW (computationally expensive)
Dthe same for all users
Answer & Solution
Correct answer: C. ONE-WAY (irreversible) and SLOW (computationally expensive)
1. PASSWORD HASHING requirements differ from general hashing.
2. ONE-WAY: given the hash, you cannot reconstruct the password (no decryption key). Makes a database leak less catastrophic.
3. INTENTIONALLY SLOW: brute-force attempts take orders of magnitude longer. SHA-256 alone is too fast (billions/sec on a GPU).
4. Use a SLOW PASSWORD HASH: bcrypt, scrypt, Argon2, or PBKDF2. These accept a 'work factor' you can tune.
5. Also add a UNIQUE PER-USER SALT to defeat rainbow tables — same password produces different hashes.
6. Option A defeats the purpose. Option B is the wrong trade-off. Option D defeats the salt principle.
_Source: NIST CSF PR.DS (Data security) + NIST SP 800-63B (memorised secret guidelines)._
Related questions
Which of the following is a TYPE of MALWARE that encrypts files and demands payment for thA SECURITY INCIDENT is BEST defined asDEFENSE IN DEPTH is a strategy thatWhich authentication method requires the user to present at least TWO different categoriesPRINCIPLE OF LEAST PRIVILEGE states thatRisk is commonly expressed as a function ofWithin the RESPOND function, ANALYSIS of detected incidents and COMMUNICATIONS with stakehWhich NIST CSF function ensures that PLANS to RESTORE capabilities or services are execute