CompTIA Security Plus Mock Test Q1057

Which of the following algorithms has well documented collisions? (Select TWO).

A. AES
B. MD5
C. SHA
D. SHA-256
E. RSA

Correct Answer: B,C
Section: Cryptography

Explanation:
B: MD5 biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use.
C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of Standards and Technology said, “Federal agencies should stop using SHA-1
for…applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010”, though that was later
relaxed.
Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.
Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. MD5 and SHA-1
in particular both have published techniques more efficient than brute force for finding collisions.

Incorrect Answers:
A: AES has much fewer hash collisions compared to both MD5 and SHA.
D: SHA-256 (also known as SHA-2) has much fewer hash collisions compared to both MD5 and SHA.
E: RSA has much fewer hash collisions compared to both MD5 and SHA.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 252, 255, 255-256