
CompTIA Security+ (Plus): What Is the Best Defense Against Rainbow Table Attacks Using Precomputed Hashes?

What is the best defense against rainbow table attacks using precomputed password hashes? Learn how salting protects passwords by making each hash unique—essential for CompTIA Security+ (Plus) SY0-701 exam success.

Question

An attacker uses a precomputed set of password hashes to quickly crack a password hash from a compromised database. What is the best defense against this?

A. AES encryption
B. Hashing with MD5
C. Certificate pinning
D. Salting
E. Diffie-Hellman key exchange

Answer

D. Salting

Explanation

A salt is a unique value added to each password before hashing, making precomputed rainbow table attacks ineffective.

The best defense against an attacker using a precomputed set of password hashes (rainbow tables) to crack password hashes from a compromised database is salting.

Salting involves adding a unique, random value (salt) to each password before hashing. This ensures that even if two users have the same password, their hashes will be different.

Salting makes rainbow table attacks ineffective because the attacker would need a separate precomputed table for every possible salt value, which is computationally and practically infeasible.

Without a salt, identical passwords produce identical hashes, allowing attackers to use precomputed tables to quickly reverse hashes. With a salt, each hash is unique, so precomputed tables are useless.

Salting should be combined with a purpose-built, slow password hashing algorithm (such as bcrypt, Argon2, or scrypt) for optimal security.
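The following added example (not part of the original page) demonstrates the point above: a toy precomputed table built from a constructed four-word password list reverses an unsalted SHA-256 digest by a plain lookup, while two salted digests of the same password differ from each other and never appear in the table. PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt/Argon2/scrypt; the iteration count and the password list are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

# Constructed toy dictionary standing in for an attacker's precomputed table.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]


def unsalted_hash(password: str) -> str:
    """Fast, unsalted hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_precomputed_table(words):
    """digest -> password, computed once and reusable against any unsalted database."""
    return {unsalted_hash(w): w for w in words}


def lookup(table, digest):
    """Rainbow-table style reversal: a lookup, not a computation."""
    return table.get(digest)


def salted_hash(password: str, salt: bytes = b"") -> tuple:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256, assumed stand-in). Returns (salt, digest)."""
    if not salt:
        salt = os.urandom(16)  # fresh random per-user salt, stored beside the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, stored)


def demo() -> dict:
    table = build_precomputed_table(COMMON_PASSWORDS)
    leaked = unsalted_hash("letmein")            # unsalted digest from a "leaked" database
    cracked = lookup(table, leaked)              # reversed instantly via the table
    salt_a, digest_a = salted_hash("letmein")    # two users, same password...
    salt_b, digest_b = salted_hash("letmein")    # ...different salts, different digests
    return {
        "cracked_unsalted": cracked,
        "salted_digests_differ": digest_a != digest_b,
        "salted_in_table": lookup(table, digest_a.hex()) is not None,
        "verify_ok": verify_salted("letmein", salt_a, digest_a),
        "verify_wrong": verify_salted("password", salt_a, digest_a),
    }
```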

The other options (AES encryption, hashing with MD5, certificate pinning, and Diffie-Hellman key exchange) do not address the specific threat of rainbow table attacks. Salting directly targets the weakness exploited by precomputed hash attacks.

Salting adds a unique value to each password before hashing, making precomputed rainbow table attacks ineffective by ensuring every hash is unique, even for identical passwords.