Q26: Why is a password stored as a hash?

Question #26: Usually, passwords in our systems are not stored as they are; only their hash is stored. If PW is the password, then f(PW) is stored, where f is not invertible. What do you think is the intention behind this?

Options:

A) So that some malicious user doesn’t change the password file.

B) So that some malicious user can’t see the password in some text file, as PW can’t be obtained from f(PW).

C) So that some malicious user can’t guess the password.

D) None of the above

 

Solution:

Even when the hash is stored instead of the password, a malicious user with root access can still change the hash file, thereby indirectly changing the password. But they won’t be able to see the password, because the hash is not invertible back to the password. Hence, the correct answer is option B.
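
The two claims in the solution, as an added example that is not part of the original quiz: the stored record does not reveal PW, yet anyone who can write the file can swap the record. Using PBKDF2-HMAC-SHA256 as f, the per-user salt, the iteration count, and all names and sample values are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # example work factor (assumption, not from the page)

def f(password: str, salt: bytes) -> bytes:
    """One-way function f(PW); PBKDF2-HMAC-SHA256 is chosen here as an assumption."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password: str) -> dict:
    """What the password file keeps: the salt and f(PW), never PW itself."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": f(password, salt).hex()}

def verify(record: dict, attempt: str) -> bool:
    """Recompute f(attempt) and compare in constant time; f is never inverted."""
    expected = bytes.fromhex(record["hash"])
    actual = f(attempt, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(expected, actual)

def demo() -> dict:
    # Constructed sample data: a hypothetical password file with one user.
    password_file = {"alice": make_record("correct horse battery")}
    results = {
        # Reading the file shows only salt and hash (the point of option B).
        "plaintext_in_file": "correct horse battery" in str(password_file),
        "good_login": verify(password_file["alice"], "correct horse battery"),
        "bad_login": verify(password_file["alice"], "wrong guess"),
    }
    # Hashing gives no integrity protection (why option A is wrong): whoever
    # can write the file can replace the record with one they computed.
    password_file["alice"] = make_record("replaced by writer")
    results["old_password_after_overwrite"] = verify(
        password_file["alice"], "correct horse battery")
    results["new_password_after_overwrite"] = verify(
        password_file["alice"], "replaced by writer")
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Protecting the file against modification is a separate control (file permissions, integrity monitoring); the hash only limits what a reader of the file learns.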