In an effort to reduce data storage requirements, a company decides to hash every file and eliminate duplicates. The data processing routines are time sensitive so the hashing algorithm is fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose?
An administrator receives a security alert that appears to be from one of the company’s vendors. The email contains information and instructions for patching a serious flaw that has not been publicly announced. Which of the following can an employee use to validate the authenticity of the email?
A. Hashing algorithm B. Ephemeral Key C. SSL certificate chain D. Private key E. Digital signature
A website is breached, exposing the usernames and MD5 password hashes of its entire user base. Many of these passwords are later cracked using rainbow tables. Which of the following actions could have helped prevent the use of rainbow tables on the password hashes?
A. Use salting when computing MD5 hashes of the user passwords B. Use SHA as a hashing algorithm instead of MD5 C. Require SSL for all user logins to secure the password hashes in transit D. Prevent users from using a dictionary word in their password
Which of the following algorithms has well documented collisions? (Select TWO).
A. AES B. MD5 C. SHA D. SHA-256 E. RSA
Correct Answer: B,C Section: Cryptography
B: MD5's biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use.
C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of Standards and Technology said, “Federal agencies should stop using SHA-1 for…applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010”, though that was later
Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.
Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. MD5 and SHA-1 in particular both have published techniques more efficient than brute force for finding collisions.
A: AES has far fewer hash collisions compared to both MD5 and SHA.
D: SHA-256 (also known as SHA-2) has far fewer hash collisions compared to both MD5 and SHA.
E: RSA has far fewer hash collisions compared to both MD5 and SHA.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 252, 255, 255-256
Which of the following MUST Matt, a security administrator, implement to verify both the integrity and authenticity of a message while requiring a shared secret?
A. RIPEMD B. MD5 C. SHA D. HMAC
Correct Answer: D Section: Cryptography
HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key. The hashing function provides data integrity, while the symmetric key
A: RIPEMD is a hashing function only and will not provide authenticity.
The RACE Integrity Primitives Evaluation Message Digest (RIPEMD) algorithm was based on MD4. There were questions regarding its security, and it has been replaced by RIPEMD-160, which uses 160 bits.
B: MD5 is a hashing function only and will not provide authenticity.
The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.
C: SHA is a hashing function only and will not provide authenticity.
The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 139, 255, 260