An important technique to mitigate password dictionary attacks is to ___________.

Question

BlackTom AI · Accepted Answer

Let’s break down each option in the context of defending against password dictionary attacks. 
Option a: 'use a carefully designed fast password hash function' — This is not ideal. Fast hash functions (like MD5, SHA-1, or plain bcrypt without work factor) allow an attacker to test many guesses per second, increasing the risk of successful dictionary or brute-force attacks. The purpose of hashing is to store passwords securely, but speed is the adversary’s ally in large-scale guessing; thus, a fast hash without additional protections is counterproductive.
Option b: 'none of the above' — This would be true only if all other statements were wrong. However, there is a well-established defense strategy against dictionary attacks, so this option generally misstates the landscape. It’s not the best choice given the standard practice in password security.
Option c: 'use a carefully designed slow password hash function' — This is the correct approach. Slow hash functions (such as bcrypt, scrypt, or Argon2) introduce computational cost and/or memory-hardness, making each guess expensive. That slowdown dramatically reduces the feasibility of dictionary attacks because an attacker can probe far fewer guesses in a given time, while legitimate authentication remains workable for users. The core concept is to impose a work factor or resource cost per password verification, thereby mitigating rapid-fire guessing.
Option d: 'avoid using password hashing' — This is incorrect and dangerous. Avoiding password hashing would expose plain-text passwords or weakly protected credentials, making breaches far more damaging. Proper hashing (with salts and a slow algorithm) is a foundational security practice, not something to avoid.
Overall, the rationale centers on the trade-off between security and practicality: introducing deliberate computational or memory costs to password verification hinders attacker throughput while preserving usability for legitimate users. The design intention behind slow password hashing is precisely to attenuate the effectiveness of dictionary attacks by increasing per-guess effort.

FIT1093_S2_2025 Week 8 MCQ: System Security - Entity Authentication & Access Control

An important technique to mitigate password dictionary attacks is to ___________.

查看解析

登录即可查看完整答案

类似问题

When designing a secure system, why is hashing preferred over encryption for storing passwords?

__________ is a technique used to help protect against attacks exposing the contents of the server where password information is stored.

The best way to store passwords is:

A hash of data can be identified with attacks, so it is customary to add to a hash to ensure that the hash value appears to be different each time it is used.

In a consumer society, many adults channel creativity into buying things

Economic stress and unpredictable times have resulted in a booming industry for self-help products

People born without creativity never can develop it

更多留学生实用工具

考试浏览器助手

风格化写作助手

论文查重助手

文献引用助手

课堂转译助手

课堂笔记助手

Quiz搜索助手

学校历年真题

智能刷题助手

智能匹配练习

希望你的学习变得更简单

FIT1093_S2_2025 Week 8 MCQ: System Security - Entity Authentication & Access Control

An important technique to mitigate password dictionary attacks is to ___________.

查看解析

登录即可查看完整答案

类似问题

When designing a secure system, why is hashing preferred over encryption for storing passwords?

__________ is a technique used to help protect against attacks exposing the contents of the server where password information is stored.

The best way to store passwords is:

A hash of data can be identified with ________ attacks, so it is customary to add ________ to a hash to ensure that the hash value appears to be different each time it is used.

In a consumer society, many adults channel creativity into buying things

Economic stress and unpredictable times have resulted in a booming industry for self-help products

People born without creativity never can develop it

更多留学生实用工具

希望你的学习变得更简单

A hash of data can be identified with attacks, so it is customary to add to a hash to ensure that the hash value appears to be different each time it is used.