The primary purpose for using one-way hashing of user passwords within a password file is which of the
following?

A.
It prevents an unauthorized person from trying multiple passwords in one logon attempt.

B.
It prevents an unauthorized person from reading the password.

C.
It minimizes the amount of storage required for user passwords.

D.
It minimizes the amount of processing time used for encrypting passwords.

Explanation:
A one-way hash function performs a mathematical encryption operation on a password that cannot be
reversed. This prevents an unauthorized person from reading the password.
Some systems and applications send passwords over the network in cleartext, but a majority of them do not
anymore. Instead, the software performs a one-way hashing function on the password and sends only theresulting value to the authenticating system or service. The authenticating system has a file containing all users’
password hash values, not the passwords themselves, and when the authenticating system is asked to verify a
user’s password, it compares the hashing value sent to what it has in its file.
Incorrect Answers:
A: One-way hashing of user passwords does not prevent an unauthorized person from trying multiple
passwords in one logon attempt. This is not the purpose of one-way hashing.
C: One-way hashing of user passwords does not minimize the amount of storage required for user passwords;
it increases it because a hashed password is typically much longer than the password itself.
D: One-way hashing of user passwords does not minimize the amount of processing time used for encrypting
passwords.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1059