What is the primary purpose of salting passwords before hashing?

Study for the WGU ITAS 2142 D830 Introduction to Cryptography Exam. Review flashcards and multiple choice questions with hints and explanations. Get ready for your exam!

Multiple Choice

What is the primary purpose of salting passwords before hashing?

Explanation:
The main purpose of salting passwords before hashing is to defeat rainbow table attacks. Rainbow tables are precomputed lists of password hashes for common passwords, so when no salt is used an attacker can look up a hash in the table and recover the original password. Adding a unique, random salt to each password means the value being hashed is different for every user, even when two users choose the same password. This makes precomputed tables useless, because the attacker would have to generate a separate table for every possible salt, which is extremely costly and impractical. The salt is stored with the hash so the system can verify the password during login.

The other options don’t capture the purpose of salting. Creating a fixed-length output is a property of the hash function itself, not why you add a salt. Salting doesn’t inherently speed up hashing; the goal is not speed but security against precomputed attacks. It also isn’t about integrity or authenticity, which require mechanisms like MACs or digital signatures.
