Exam SY0-601 topic 1 question 95 discussion

Actual exam question from CompTIA's SY0-601
Question #: 95
Topic #: 1

Against the recommendation of the IT security analyst, a company set all user passwords on a server as `P@55w0rD`. Upon review of the /etc/passwd file, an attacker found the following:

    alice:a8df3b6c4fd75f0617431fd248f35191df8d237f
    bob:2d250c5b2976b03d757f324ebd59340df96aa05e
    chris:ea981ec3285421d014108089f3f3f997ce0f4150

Which of the following BEST explains why the encrypted passwords do not match?

  • A. Perfect forward secrecy
  • B. Key stretching
  • C. Salting
  • D. Hashing
Suggested Answer: C

Comments

Boogie_79
Highly Voted 2 years, 8 months ago
Selected Answer: C
Salting refers to adding random data to the input of a hash function to guarantee a unique output. The set password, in this case, is already hashed so to further secure it salting is the next step in cryptography i.e. adding more security to the password. Think of it as "salt bae" making it just that much better.
upvoted 40 times
...
MorganB
Highly Voted 2 years ago
Passed my exam 27, April 23. This question was on my test.
upvoted 15 times
...
Protract8593
Most Recent 1 year, 9 months ago
Selected Answer: C
The reason the encrypted passwords do not match is due to the use of salting. In password hashing, salting involves adding a random value (the salt) to the password before hashing it. The salt value is unique for each user, which means even if two users have the same password, their hashed passwords will be different due to the different salt values. In the given scenario, the three encrypted passwords for Alice, Bob, and Chris do not match each other because each password is hashed with a different salt. This adds an extra layer of security and prevents attackers from easily identifying common passwords by looking at the hashed values.
upvoted 6 times
...
ApplebeesWaiter1122
1 year, 10 months ago
Selected Answer: C
In password storage, salting is the practice of adding a random value (salt) to each password before hashing it. The salt is then stored alongside the hashed password. Salting enhances the security of stored passwords by introducing uniqueness to each password hash, even if two users have the same password. In the given scenario, the encrypted passwords do not match because each password has been salted before being hashed. This means that even though the original passwords were the same (P@55w0rD), the addition of a unique salt value resulted in different hashed representations for each user.
upvoted 3 times
...
mosher21
2 years ago
Selected Answer: C
Why not key stretching tho? It well can be key stretching too.
upvoted 3 times
...
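An added example (not part of any comment on this page, and not from the exam): the salting described in the comments above and the key-stretching question raised by mosher21, compared on the question's shared password. The function names, the 16-byte salt, the iteration count and the choice of PBKDF2-HMAC-SHA256 are assumptions for illustration; the page does not say which scheme produced the hashes in the question.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PASSWORD = "P@55w0rD"            # the shared password from the question
USERS = ["alice", "bob", "chris"]
ITERATIONS = 100_000             # assumed work factor for the stretching demo


def unsalted(password: str) -> str:
    """Plain fast hash, no salt: equal passwords give equal digests."""
    return hashlib.sha1(password.encode()).hexdigest()


def stretched(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA256: key stretching, salt supplied by the caller."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def new_record(password: str) -> tuple[bytes, str]:
    """Create a stored record: a fresh random 16-byte salt plus the digest."""
    salt = os.urandom(16)
    return salt, stretched(password, salt)


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(stretched(password, salt), stored)


def shared_digests(table: dict[str, str]) -> list[list[str]]:
    """Audit helper: groups of users whose stored digests are identical."""
    groups = defaultdict(list)
    for user, digest in table.items():
        groups[digest].append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def demo() -> dict[str, list[list[str]]]:
    fixed = b"\x00" * 16  # same salt for everyone: stretching without per-user salting
    salted = {u: new_record(PASSWORD)[1] for u in USERS}
    return {
        "unsalted": shared_digests({u: unsalted(PASSWORD) for u in USERS}),
        "stretched_only": shared_digests({u: stretched(PASSWORD, fixed) for u in USERS}),
        "per_user_salt": shared_digests(salted),
    }


if __name__ == "__main__":
    for scheme, groups in demo().items():
        print(f"{scheme:15} users sharing a digest: {groups}")
```

Stretching with the same salt for every user still yields one digest for all three accounts; only the per-user salt produces three different stored values from one password, and `verify` shows the login check still works because the salt is stored with the digest.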
MasterControlProgram
2 years, 1 month ago
Selected Answer: C
The encrypted passwords do not match because of "Salting." Salting is a technique that adds a random string of characters to a password before hashing it, so that even if two users have the same password, their encrypted passwords will be different. This makes it more difficult for attackers to use precomputed tables of hashes to crack passwords. In the given scenario, if salting was not used, all users would have the same password hash, making it easy for an attacker to gain unauthorized access to all accounts by cracking just one password.
upvoted 2 times
...
ApplebeesWaiter1122
2 years, 2 months ago
Selected Answer: C
C, salt
upvoted 1 times
...
DALLASCOWBOYS
2 years, 3 months ago
C. Salting. Salts eliminate the possibility that duplicate hashes are stored for different user accounts that have the same password.
upvoted 1 times
...
xxxdolorxxx
2 years, 3 months ago
Selected Answer: C
C all day long
upvoted 1 times
...
[Removed]
2 years, 3 months ago
Salt: a security countermeasure that mitigates the impact of a rainbow table attack by adding a random value to ("salting") each plaintext input.
upvoted 1 times
...
Sklark
2 years, 6 months ago
Selected Answer: C
Haha I get that the question says "Against IT recommendations" but can you imagine a company actually setting everyone's passwords to the same password? There would be no least privilege or admin credentials. Haha anyways the example is testing to see why hash values of the same password would be different and that would be done by adding salt which is an arbitrary or mathematical extra something to the password to give it a different value when hashed.
upvoted 3 times
...
Libraboy
2 years, 6 months ago
Selected Answer: C
Different passwords have different hashes, but in this case the same password is used and the only way to achieve different outcomes is by salting: adding random data to the password (same or not) when hashing to change the stored hash value.
upvoted 1 times
...
[Removed]
2 years, 8 months ago
I'm no expert, but I believe the hashed passwords are actually stored in etc/shadow. Anyways, it's salting.
upvoted 5 times
...