A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables. Which of the following should be included as a recommendation in the remediation report?
A. Stronger algorithmic requirements
B. Access controls on the server
C. Encryption on the user passwords
D. A patch management program
The correct answer is A. Stronger algorithmic requirements. MD5 hashes are weaker than other hashing algorithms, such as SHA-256, which are much more difficult to crack with rainbow tables. Therefore, the penetration tester should recommend that the server use a stronger algorithm to hash passwords, such as SHA-256. This will ensure that passwords remain secure and cannot be easily cracked using rainbow tables.
Option B is incorrect because access controls are related to user authentication, not hashing algorithms.
Option C is incorrect because encryption is used to secure data in transit, not to secure user passwords.
Option D is incorrect because patch management programs are related to updating software, not to the security of user passwords.
A. Stronger algorithmic requirements.
This should include not only using a more robust hashing algorithm but also implementing salting, which would make rainbow table attacks infeasible.
The correct answer is C. Encryption on the user passwords.
MD5 is a weak hashing algorithm that is vulnerable to rainbow table attacks. The fact that the penetration tester was able to easily crack the hashes indicates that the passwords were not properly encrypted. Therefore, a recommendation to include in the remediation report is to implement encryption on the user passwords to ensure that they are not easily cracked in the event of a security breach.
While access controls on the server (B) and a patch management program (D) are important security measures, they are not directly related to the issue of weak password encryption. Stronger algorithmic requirements (A) may be important for other areas of security, but they are not a direct solution to the issue of weak password encryption.
The recommendation that should be included in the remediation report is C. Encryption on the user passwords. A rainbow table is a precomputed table for reversing cryptographic hash functions, which means that the MD5 hashes can easily be cracked. To avoid this vulnerability in the future, it is recommended that the user passwords be encrypted to prevent them from being vulnerable to rainbow table attacks.
Yes, MD5 is insecure and so is SHA-1. I recommend using SHA-256 if the size of the digest is an issue.
upvoted 5 times
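The comments above disagree on whether the fix is a stronger algorithm, salting, or "encryption". The following added example (editor's code, not from the exam or any commenter) makes the underlying point concrete: what lets a rainbow table work is that an unsalted hash maps the same password to the same digest for every user and every system, so one precomputed table answers all of them. The example goes slightly beyond the thread by showing that an unsalted SHA-256 has exactly the same property as unsalted MD5, and that a per-user random salt combined with a slow key-derivation function (PBKDF2-HMAC-SHA256 here, from the standard library) removes it. The usernames, passwords and the iteration count are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional

# Constructed sample accounts (not real data). Two users chose the same password,
# which is exactly the situation a precomputed table exploits.
SAMPLE_USERS = {"alice": "Winter2024!", "bob": "Winter2024!"}

# Assumed work factor for PBKDF2-HMAC-SHA256; the real value belongs in the
# server's policy and should be raised over time as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def unsalted_md5(password: str) -> str:
    """The weak scheme from the question: one unsalted MD5 digest per password."""
    return hashlib.md5(password.encode()).hexdigest()


def unsalted_sha256(password: str) -> str:
    """Swapping the algorithm alone: still unsalted, still table-lookup friendly."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, slow password hash.

    Returns a self-describing string 'pbkdf2_sha256$<iterations>$<salt_hex>$<digest_hex>'
    so the verifier can recover the parameters; a fresh 16-byte salt is drawn per call.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and parameters; constant-time compare."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def same_password_same_record(hash_fn: Callable[[str], str]) -> bool:
    """True when identical passwords yield identical stored values across users.

    That is the property a precomputed (rainbow) table relies on: one table entry
    covers every account with that password, on this server and any other.
    """
    records = [hash_fn(pw) for pw in SAMPLE_USERS.values()]
    return len(set(records)) < len(records)


if __name__ == "__main__":
    for name, fn in [("unsalted MD5", unsalted_md5),
                     ("unsalted SHA-256", unsalted_sha256),
                     ("salted PBKDF2-HMAC-SHA256", hash_password)]:
        print(f"{name:28s} precomputable across users: {same_password_same_record(fn)}")
    record = hash_password(SAMPLE_USERS["alice"])
    print("stored record:", record)
    print("correct password verifies:", verify_password("Winter2024!", record))
    print("wrong password verifies:  ", verify_password("Summer2024!", record))
```

Running it shows both unsalted schemes producing identical records for alice and bob, while the salted scheme produces different records for the same password and still verifies correctly. In a remediation report this is the reason to pair the algorithm recommendation with per-user salting and a deliberately slow hash; a bare SHA-256 of the password, as a drop-in replacement for MD5, would leave the precomputation weakness in place.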
Community vote distribution: A (35%), C (25%), B (20%), other.