CH25 Hashing Flashcards
Keith wants to validate the application file that he downloaded from the vendor of the application. Which of the following should he compare against the file to verify the integrity of the downloaded application?
a. File size and file creation date
b. MD5 or SHA1 hash digest of the files
c. Private key of the file
d. Public key of the file
b. MD5 or SHA1 hash digest of the files
Keith should conduct a hash of the downloaded file and compare it against the MD5 hash digest listed on the server of this file. This file needs to be a verifiable MD5 hash file in order to validate the file integrity has not been compromised during the download. This is an important step to ensure the file was not modified in transit during the download. The other options are insufficient to guarantee the integrity of the downloaded file since integrity checking relies on the comparison of the two hash digests.
Which of the following hashing algorithms results in a 160-bit fixed output?
a. MD-5
b. SHA-1
c. NTLM
d. SHA-2
b. SHA-1
SHA-1 creates a 160-bit fixed output. SHA-2 creates a 256-bit fixed output. NTLM creates a 128-bit fixed output. MD-5 creates a 128-bit fixed output.
In an effort to increase the security of their passwords, Dion Training has added a salt and cryptographic hash to their passwords prior to storing them. To further increase security, they run this process many times before storing the passwords. What is this technique called?
a. Key Stretching
b. Rainbow table
c. Salting
d. Collision resistance
a. Key Stretching
In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key. The question describes one such key stretching technique.