GIAC Penetration Tester (GPEN) — Question 46

What is the impact on pre-calculated Rainbow Tables of adding multiple salts to a set of passwords?

Answer options

• A. Salts increases the time to crack the original password by increasing the number oftables that must be calculated.
• B. Salts double the total size of a rainbow table database.
• C. Salts can be reversed or removed from encoding quickly to produce unsaltedhashes.
• D. Salts have little effect because they can be calculated on the fly with applicationssuch as Ophcrack.

Correct answer: B

Explanation

The correct answer is B, as adding salts indeed increases the size of the rainbow table database due to the need to create separate tables for each unique salt. Option A is incorrect because while salts do increase the complexity of cracking, they don't specifically increase the number of tables calculated in a pre-computed Rainbow Table. Option C is misleading because salts cannot be easily removed from hashes. Option D is also incorrect as it underestimates the impact of salts on the effectiveness of pre-computed tables.