Master hashing and digital signing vocabulary: SHA-256, SHA-3, bcrypt, Argon2, HMAC, digital signatures, rainbow tables, salts, and key derivation functions.
0 / 5 completed
1 / 5
A 'rainbow table attack' targets password hashes. What defence makes this attack ineffective?
A rainbow table is a precomputed lookup table mapping hashes to plaintext passwords. A per-user random salt (stored alongside the hash) means the attacker must compute a new table for every unique salt — making precomputation impractical. Salting is the primary defence; it is why bcrypt and Argon2 incorporate salts automatically.
2 / 5
Why is bcrypt preferred over SHA-256 for storing user passwords?
Cryptographic hash functions like SHA-256 are designed to be fast — a modern GPU can compute billions per second. Password hashing functions (bcrypt, scrypt, Argon2) deliberately introduce computational cost via repeated internal rounds. The work factor can be tuned so hashing takes ~100ms on server hardware, making mass cracking impractical.
HMAC combines a cryptographic hash function with a shared secret key: HMAC(key, message). It provides a MAC — the recipient re-computes HMAC with the shared key and verifies it matches. Unlike digital signatures, HMAC uses a symmetric key, so both parties must share the secret (e.g., used in JWT verification with HS256).
4 / 5
A digital signature is created by:
The signer computes hash(message) and encrypts it with their private key to produce the signature. Anyone with the signer's public key can decrypt the signature to get the expected hash and verify it matches hash(message). This provides non-repudiation — only the private key holder could have produced the signature.
5 / 5
Argon2 is recommended over PBKDF2 for password hashing because:
PBKDF2 is CPU-bound and can be parallelised cheaply on GPUs. Memory-hard functions like Argon2 require large amounts of RAM per computation — GPUs and ASICs have limited memory bandwidth, so parallelism is constrained. Argon2id (the recommended variant) combines resistance to side-channel attacks (Argon2i) and GPU attacks (Argon2d).