Approximately how many iterations are performed in the described MD5-based password hashing process?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Approximately how many iterations are performed in the described MD5-based password hashing process?

Explanation:
Hash functions used for passwords are slowed down by applying the hash multiple times, which increases the cost for an attacker trying many guesses. In the MD5-based scheme commonly described (md5crypt), the process runs the MD5 function about 1,000 times, mixing in the salt and the password over many rounds. This makes each password check noticeably slower for an attacker while remaining feasible for legitimate authentication. Among the options, roughly one thousand iterations best fits this approach; fewer iterations would weaken security, and significantly more would impose unnecessary overhead for normal use.

