CompTIA Security+ (SY0-501) — Question 802

When choosing a hashing algorithm for storing passwords in a web database, which of the following is the BEST explanation for choosing HMAC-MD5 over simple MD5?

Answer options

• A. HMAC provides hardware acceleration, thus speeding up authentication
• B. HMAC adds a transport layer handshake, which improves authentication
• C. HMAC-MD5 can be decrypted faster, speeding up performance
• D. HMAC-MD5 is more resistant to brute forcing

Correct answer: B

Explanation

The correct answer is B because HMAC-MD5 includes a transport layer handshake, which adds an extra layer of security during the authentication process. Options A and C are incorrect as HMAC does not inherently provide hardware acceleration or faster decryption. Option D, while HMAC-MD5 is more secure than MD5, does not specifically pertain to brute force resistance compared to the enhancement offered by the handshake.