When choosing a hashing algorithm for storing passwords in a web database, which of the following is the BEST explanation for choosing HMAC-MD5 over simple MD5?
A.
HMAC provides hardware acceleration, thus speeding up authentication
B.
HMAC adds a transport layer handshake, which improves authentication
C.
HMAC-MD5 can be decrypted faster, speeding up performance
Both HMAC-MD5 and simple MD5 have similar computational costs for hashing that's why C is not an option. HMAC doesn't add a transport layer handshake, it's a cryptographic construct used for message authentication, not for handling transport layer protocols- no B. HMAC doesn't directly provide hardware acceleration rather it enhances security by adding a secret key to the hashing process- not A.
HMAC-MD5 is more resistant to brute forcing.
Here is proof. From Messer; MAC
• Hash-based Message Authentication Code
• Combine a hash with a secret key
• e.g., HMAC-MD5, HMAC-SHA1
• Verify data integrity and authenticity
• No fancy asymmetric encryption required
• Used in network encryption protocols
• IPsec, TLS
HMAC (hash-based message authentication code) uses a hashing algorithm along with a symmetric key. Thus, for example, two parties agree to use an MD5 hash. Once the hash is computed, it is exclusively or'd (XOR) with the digest, and that resultant value is the HMAC. Again, should someone intercept the message and attempt to alter the message and the associated HMAC, that party would not have the key and would not be able to duplicate the HMAC.
The question is asking to pick a hashing algorithm for storing passwords to me this is more leaning towards security than performance. I'm going with D on this one.
I think B is correct in my opinion. The HMAC provides both integrity and authenticity of messages. The MD5 portion of the hash provides integrity just as MD5 does. HMAC also uses a shared secret key to add some randomness to the result and only the sender and receiver know the secret key. Internet Protocol security (IPsec) and Transport Layer
Security (TLS) often use a version of HMAC such as HMAC-MD5 and HMAC-SHA1. This is explained in Gibson's book.
I'm thinking of D.
You would upgrade from MD5 because its vulnerable.
HMAC-MD5 addresses that vulnerability.
If the question was about performance, A & C may be considered.
Answer is A.
https://www.exam4training.com/when-choosing-a-hashing-algorithm-for-storing-passwords-in-a-web-server-database-which-of-the-following-is-the-best-explanation-for-choosing-hmac-md5-over-simple-md5/
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.SY0-501 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ID77
1 year, 3 months agoboydmwanza
3 years, 11 months agoboydmwanza
3 years, 11 months agofury247
3 years, 12 months agosuje
4 years agoLB54
3 years, 11 months agoDeep_21
4 years, 1 month agotwander78
4 years, 1 month agomadaraamaterasu
4 years, 1 month agoBrittle
4 years agoTexrax
4 years, 1 month agoBloodSucker322
4 years, 1 month ago