Cryptographic hashes are used to store passwords in many systems. What exactly is stored?

Multiple Choice

Explanation:
Storing passwords as a one-way hash means you keep a digest of the password, not the password itself. A cryptographic hash takes input of any length and outputs a fixed-size value, designed so you can’t practically turn that digest back into the original password. The fixed length is determined by the hash function used (for example, 256 bits for SHA-256), so the stored representation is always the same size regardless of how long the password was.

During login, the system hashes the password you enter (usually with the same salt) and compares that hash to the stored digest. If they match, the password is correct. The salt is a random value added before hashing to thwart precomputed attacks; the salt is stored with the hash so verification can happen, but it doesn’t change the fact that what’s stored is a fixed-size digest, not the plaintext password.

So the best description is that the system stores a fixed-size hash of the password (often with the salt included in or alongside that hash). The other options describe reversible storage, plaintext storage, or use of salts in isolation, which aren’t how passwords are stored.
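The storage and login flow described above, as an added example that is not part of the original quiz page: each account gets a fresh random salt, the stored record holds the salt beside a fixed-size 32-byte digest, and verification re-derives the digest from the candidate password and compares it in constant time. It goes slightly beyond the plain salted SHA-256 the explanation mentions by running SHA-256 through PBKDF2 with an assumed iteration count, because a fast unsalted or single-round hash is cheap to brute-force offline; the record format and iteration count are assumptions, not a specific system's scheme.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# SHA-256 yields a 256-bit (32-byte) digest no matter how long the input is.
DIGEST_LEN = hashlib.sha256().digest_size   # 32
SALT_BYTES = 16                              # random salt stored alongside the digest
ITERATIONS = 100_000                         # assumed PBKDF2 work factor for this example
SCHEME = "pbkdf2_sha256"                     # assumed record label


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only these two values are ever stored, never the password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)        # fresh salt per password defeats precomputed tables
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=DIGEST_LEN
    )
    return salt, digest


def make_record(password: str) -> str:
    """Build the stored record: scheme, iterations, salt and fixed-size digest (hex)."""
    salt, digest = hash_password(password)
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Re-hash the candidate with the stored salt and compare digests in constant time."""
    scheme, iters, salt_hex, digest_hex = record.split("$")
    if scheme != SCHEME:
        return False
    salt = bytes.fromhex(salt_hex)
    expected = bytes.fromhex(digest_hex)
    got = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), salt, int(iters), dklen=len(expected)
    )
    # hmac.compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(got, expected)
```

Inspecting a record shows the point of the question: the plaintext is absent, and the digest field is always 64 hex characters (32 bytes) whether the password was 1 or 200 characters long.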
