CompTIA Security Plus Mock Test Q1130

A new client application developer wants to ensure that the encrypted passwords that are stored in their database are secure from cracking attempts. To implement this, the developer implements a function on the client application that hashes passwords thousands of times prior to being sent to the database. Which of the following did the developer MOST likely implement?

A. RIPEMD
B. PBKDF2
C. HMAC
D. ECDHE

Correct Answer: B
Section: Cryptography

Explanation:
Password-Based Key Derivation Function 2 (PBKDF2) applies a function (a hashing operation, an encryption cipher function, or an HMAC operation) to the input password, which is combined with a salt, and repeats the process thousands of times.

Incorrect Answers:
A: RIPEMD is a hashing function, but it does not hash passwords thousands of times before sending them to the database.
C: HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key. It does not, however, hash passwords thousands of times before sending them to the database.
D: ECDHE provides both CRC integrity checks and RCA encryption.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 249, 254, 260, 343