Question

Charles wants to provide additional security for his web application that currently stores passwords in plain text in a database. Which of the following options is his best option to prevent theft of the database from resulting in exposed passwords?

A. Encrypt the database of plain-text passwords.
B. Use MD5 and a salt.
C. Use SHA-1 and a salt.
D. Use bcrypt.

Answer 1

Charles should use bcrypt to secure passwords in his web application's database because bcrypt is a robust password-hashing function that includes a scalable work factor, making it more resistant to brute force attacks compared to older algorithms. So the correct answer is option D.

Step-by-step explanation:

Charles's best option to prevent theft of the database from resulting in exposed passwords is to use bcrypt. Bcrypt is a password-hashing function designed to build a cryptographically secure hash.

Encrypting the database of plain-text passwords only provides security at rest, and once accessed, those passwords are exposed. While MD5 and SHA-1 with salt add more security compared to plain text, these algorithms are outdated and have known vulnerabilities.

Bcrypt includes a work factor (or cost factor), which allows the algorithm to be scaled with hardware capabilities over time, making it resistant to brute force attacks and thus more secure than the other options mentioned.