A security administrator determined that the time required to brute force 90% of the company’s password hashes is below the acceptable threshold. Which of the
following, if implemented, has the GREATEST impact in bringing this time above the acceptable threshold?
A.
Use a shadow password file.
B.
Increase the number of PBKDF2 iterations.
C.
Change the algorithm used to salt all passwords.
D.
Use a stronger hashing algorithm for password storage.
PBKDF2 is an example of a key-stretching technology. Key stretching is a collection of techniques that can potentially take a weak key or password and stretch to become more secure, at least against BRUTE FORCE attacks. Often, key stretching involves ADDING iterative computations that increase the effort involved in creating the improved key result, usually by several orders of magnitude.
1
0