Exam 350-701 topic 1 question 557 discussion

Limits brute-force attack surface by using ephemeral keys. Protects even if one key/session is compromised Is a key exchange mechanism, not just hashing

A. PFS (Perfect Forward Secrecy) Why not the other options? B. MD5 (Message-Digest Algorithm 5): MD5 is a hashing algorithm and is no longer considered secure due to vulnerabilities like collision attacks. It provides no protection against brute-force attacks. C. HMAC (Hash-Based Message Authentication Code): HMAC is used for message integrity and authentication but is not designed to provide protection specifically against brute-force attacks. D. SHA (Secure Hash Algorithm): SHA is a family of cryptographic hash functions (e.g., SHA-256), but like MD5, it is not designed to defend against brute-force attacks directly. It is used for hashing and data integrity.

Answer a

HMAC if for authentication for me is SHA answer is D

Technically if we ignore perfect forward secrecy, which is more of a concept/feature, in my opinion, HMAC would be the strongest to crack via brute force. You'd need the secret on top of the hash function,s o sha combined with a secret.

"Since PFS uses unique session keys, attackers are only able to view the data specific to a particular exchange if they recover the private keys for that exchange. This segmentation of SSL/TLS sessions greatly reduces the risk of a severe data breach through this vector." So PFS also has a role against brute-force attacks. But it is not an algorithm.

The type of algorithm that provides the highest level of protection against brute-force attacks is SHA.

PFS is a feature not an algorithim, MD5 is to weak HMAC is hashing SHA is the strongest