During a security assessment, you obtain the user_password column from a legacy application. Each value is a single-round SHA-1 hex digest with no additional data. To make future data breaches resilient against rainbow-table password cracking, which single change should you recommend to the development team?
Encrypt each existing SHA-1 hash with AES-128 in ECB mode using a key hard-coded in the source code.
Replace SHA-1 with bcrypt so each password is salted and key-stretched before storage.
Re-hash all passwords with unsalted SHA-256 instead of SHA-1.
Keep SHA-1 but append a fixed, company-wide pepper string to every password before hashing.
Rainbow tables rely on pre-computed hash values that assume no per-password randomness. Bcrypt automatically generates a unique 128-bit salt for every password and repeats the hashing process thousands of times, so an attacker would have to recompute tables for every individual salt value, making the attack impractical. Simply switching to SHA-256 keeps the data vulnerable because it is still fast and unsalted. Adding a static pepper helps only if the pepper remains secret; once exposed, rainbow tables can be built again. Encrypting hashes with a hard-coded AES key just converts the problem to key recovery and still leaves deterministic ciphertexts that can be compared offline.
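To make the contrast concrete, here is an added example (not part of the original question) showing why the single-round, unsalted SHA-1 column is precomputable and how a per-user salt plus key stretching defeats that. It uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt, which needs a third-party package; the users, passwords and wordlist are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: a small wordlist and two users who chose the same password.
WORDLIST = ["password", "letmein", "Summer2024!", "correct horse battery staple"]
USERS = {"alice": "Summer2024!", "bob": "Summer2024!"}
ITERATIONS = 200_000  # work factor; the stdlib stand-in for bcrypt's cost parameter

def unsalted_sha1(password):
    """The legacy scheme from the question: one round of SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def build_lookup_table(wordlist):
    """Precomputed digest -> password map: the principle a rainbow table exploits.
    It can be built once, before any breach, because the digest depends only on the password."""
    return {unsalted_sha1(w): w for w in wordlist}

def crack_unsalted(stored, table):
    """Every user whose digest appears in the precomputed table is recovered instantly."""
    return {user: table[h] for user, h in stored.items() if h in table}

def hash_salted(password, salt=None):
    """Per-user random 128-bit salt plus key stretching (PBKDF2-HMAC-SHA256 here;
    bcrypt does both in one step, but is not in the standard library)."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_salted(password, salt, digest):
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    return hmac.compare_digest(hash_salted(password, salt)[1], digest)

def demo():
    """Contrast the two schemes on the constructed users; returns a result dict."""
    legacy = {u: unsalted_sha1(p) for u, p in USERS.items()}
    cracked = crack_unsalted(legacy, build_lookup_table(WORDLIST))
    salted = {u: hash_salted(p) for u, p in USERS.items()}
    return {
        "legacy_collide": legacy["alice"] == legacy["bob"],   # True: same password, same digest
        "cracked": cracked,                                   # both users recovered from the table
        "salted_collide": salted["alice"][1] == salted["bob"][1],  # False: salts differ
        "verify_ok": verify_salted("Summer2024!", *salted["alice"]),
        "verify_wrong": verify_salted("password", *salted["alice"]),
    }
```

The same precomputed table is useless against the salted column: an attacker would need a fresh table per salt, and each entry costs ITERATIONS hash computations.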
Certified Ethical Hacker (CEH)
Cryptography