CompTIA Security+ (SY0-501) — Question 880

Which of the following are used to increase the computing time it takes to brute force a password using an offline attack? (Choose two.)

Answer options

• A. XOR
• B. PBKDF2
• C. bcrypt
• D. HMAC
• E. RIPEMD

Correct answer: B, C

Explanation

PBKDF2 and bcrypt are designed to make brute force attacks more time-consuming by incorporating a key stretching mechanism, which increases the computational workload. Options A, D, and E do not provide the same level of resistance against brute force attacks as they are not specifically aimed at increasing computational time for password hashing.