Developing Applications Using Cisco Core Platforms and APIs (DEVCOR) — Question 136

A web application is being developed to provide online sales to a retailer. The customers will need to use their username and passwords to login into their profile and complete their order. For this reason, the application must store user passwords.
Which approach ensures that an attacker will need to crack the passwords one at a time?

Answer options

• A. Store the passwords by using asymmetric encryption.
• B. Apply the salting technique.
• C. Store the passwords by using symmetric encryption.
• D. Apply the peppering technique.

Correct answer: B

Explanation

The salting technique involves adding a unique value to each password before hashing, making it significantly harder for attackers to crack multiple passwords at once, as each password hash will be different. Asymmetric and symmetric encryption do not prevent bulk cracking effectively, as they can allow attackers to reverse the encryption if they gain access to the keys. Peppering adds an additional secret but does not provide the same level of protection against individual password cracking as salting does.