154k views
3 votes
A security administrator is reviewing the following output from an offline password audit:

Username   Password           Crack Time
User1      Teleportation1     4s
User2      Amphitheater       2s
User3      Undetermined4u.    10s

Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)

A. Cryptoprocessor
B. Bcrypt
C. SHA-256
D. PBKDF2
E. Message authentication

by User KKM (7.4k points)

1 Answer

7 votes

Final answer:

To improve password security after an offline audit showing quick crack times, the systems administrator should implement Bcrypt and PBKDF2, which are algorithms that provide enhanced protection through the use of salts, an adjustable cost factor, and iterations.

Step-by-step explanation:

The student is asking about improving password security following an offline password audit. The results show that existing passwords can be cracked relatively quickly, indicating the need for stronger password storage measures. To best address this issue, two implementations are recommended:

  • Bcrypt
  • PBKDF2

Bcrypt is a password-hashing function that incorporates a salt to protect against rainbow table attacks and has an adjustable cost factor to increase the computational difficulty of the hash calculations. PBKDF2 (Password-Based Key Derivation Function 2) applies a cryptographic hash function along with a salt and iterates the process many times to increase the complexity and time needed to generate the hash, which protects against brute force attacks.

Implementing these stronger hashing algorithms will significantly increase the time needed to crack passwords if data is compromised, enhancing security across the system.

by User Marcus Alsterman (8.4k points)
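The answer's argument (salt plus a tunable work factor) as an added Python example, not code from the original question or answer: it contrasts an unsalted SHA-256 digest with a PBKDF2-HMAC-SHA256 record that carries its own salt and iteration count, and measures how much slower each guess becomes. The iteration count and record layout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed sample: the first password from the audit table above.
SAMPLE_PASSWORD = "Teleportation1"

# Assumed work factor. Tune to your login-latency budget and store it in each
# record so it can be raised later without re-hashing every user at once.
PBKDF2_ITERATIONS = 200_000


def sha256_unsalted(password: str) -> str:
    """The weak scheme: one fast hash, no salt. Equal passwords give equal
    digests, so precomputed (rainbow) tables and fast brute force both apply."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_store(password: str, iterations: int = PBKDF2_ITERATIONS, salt: bytes = b"") -> str:
    """Build a record 'pbkdf2_sha256$iterations$salt_hex$hash_hex' (assumed layout).
    A fresh 16-byte random salt defeats rainbow tables; the iteration count is
    the adjustable cost that slows down every guess an attacker must compute."""
    if not salt:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Re-derive using the salt and iteration count stored in the record and
    compare in constant time so verification leaks no timing information."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations), dklen=32)
    return hmac.compare_digest(dk.hex(), hash_hex)


def slowdown_factor(password: str, guesses: int = 10) -> float:
    """Measured ratio of time per guess under PBKDF2 versus unsalted SHA-256:
    the 'crack time' from the audit scales up by roughly this factor."""
    t0 = time.perf_counter()
    for _ in range(guesses):
        sha256_unsalted(password)
    fast = time.perf_counter() - t0
    salt = os.urandom(16)
    t0 = time.perf_counter()
    for _ in range(guesses):
        hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, dklen=32)
    slow = time.perf_counter() - t0
    return slow / fast if fast > 0 else float("inf")
```

Bcrypt follows the same design with a logarithmic cost parameter instead of an iteration count; in Python it needs the third-party bcrypt package, which is why PBKDF2 from the standard library is shown here.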