The best way to store passwords is:

Question

BlackTom AI · Accepted Answer

Question: The best way to store passwords is:

Since the list of answer options is not provided here, we can still reason about what constitutes best practice based on common security guidance.

- If the option is Hash + Salt: This approach is widely recommended. Hashing converts a password into a fixed-length string, and adding a unique salt per password protects against precomputed rainbow table attacks. The salt ensures that identical passwords result in different hashes, increasing security even if the hash function is the same.
- Why hashing alone is not enough: Hashing a password without a salt leaves the system vulnerable to rainbow table attacks, where attackers use precomputed lists of common password hashes. A salt defeats this by randomizing the hash output for each user, so precomputed tables are ineffective.
- Why hashing with salt and proper methods is better than plaintext: Storing passwords in plaintext is insecure because anyone with access to the storage can read all passwords. Hashing (with salt and appropriate parameters) ensures that even if the data store is compromised, passwords are not readily recoverable.
- Why not reversible encryption: Encrypting passwords with a reversible cipher means that access to the encryption key could expose all passwords. This is riskier than hashing with salts because the key itself becomes a single point of compromise.
- Enhancements commonly used in practice: Employ a password hashing function designed for this purpose (such as bcrypt, scrypt, Argon2, or PBKDF2) with a high number of iterations, a unique per-password salt, and, if possible, a pepper. This strengthens resistance to brute-force attempts even if the hashed values are stolen.
- About alternative incorrect options (if they were present):
  • Plaintext storage would be insecure because it exposes passwords directly.
  • Hashing without a salt allows attackers to reuse precomputed hashes and exploit identical passwords across users.
  • Reversible encryption (without a secure key management) risks key exposure.
  • A one-size-fits-all hash function with low iteration counts offers little protection against modern attackers.

In summary, the best practice is to store a per-password salted hash using a purpose-built password hashing algorithm with adequate iteration cost. This approach minimizes the risk of credential compromise even if the data store is breached.

4510_COMP_SCI_X_0019 Quiz 8

The best way to store passwords is:

查看解析

登录即可查看完整答案

类似问题

When designing a secure system, why is hashing preferred over encryption for storing passwords?

An important technique to mitigate password dictionary attacks is to ___________.

__________ is a technique used to help protect against attacks exposing the contents of the server where password information is stored.

A hash of data can be identified with attacks, so it is customary to add to a hash to ensure that the hash value appears to be different each time it is used.

In a consumer society, many adults channel creativity into buying things

Economic stress and unpredictable times have resulted in a booming industry for self-help products

People born without creativity never can develop it

更多留学生实用工具

考试浏览器助手

风格化写作助手

论文查重助手

文献引用助手

课堂转译助手

课堂笔记助手

Quiz搜索助手

学校历年真题

智能刷题助手

智能匹配练习

希望你的学习变得更简单

4510_COMP_SCI_X_0019 Quiz 8

The best way to store passwords is:

查看解析

登录即可查看完整答案

类似问题

When designing a secure system, why is hashing preferred over encryption for storing passwords?

An important technique to mitigate password dictionary attacks is to ___________.

__________ is a technique used to help protect against attacks exposing the contents of the server where password information is stored.

A hash of data can be identified with ________ attacks, so it is customary to add ________ to a hash to ensure that the hash value appears to be different each time it is used.

In a consumer society, many adults channel creativity into buying things

Economic stress and unpredictable times have resulted in a booming industry for self-help products

People born without creativity never can develop it

更多留学生实用工具

希望你的学习变得更简单

A hash of data can be identified with attacks, so it is customary to add to a hash to ensure that the hash value appears to be different each time it is used.