Hashing algorithms are used to securely store passwords by transforming them into fixed-length strings. A secure hashing algorithm for passwords should be resistant to collision attacks, preimage attacks, and brute-force attempts, and should be slow to compute to deter attackers. Let’s evaluate the options:
Option A ("SHA-0"): SHA-0 is the original version of the SHA family, published in 1993, but it was quickly withdrawn due to serious cryptographic weaknesses (e.g., collision vulnerabilities). It is not secure and should not be used.
Option B ("MD5"): MD5 is a widely used hash function but is cryptographically broken. It is vulnerable to collision attacks (e.g., practical attacks demonstrated since 2004) and is extremely fast, making it unsuitable for password hashing as it can be brute-forced easily.
Option C ("SHA-1"): SHA-1, part of the SHA family, is also considered broken for security purposes. It has known collision vulnerabilities (e.g., the SHAttered attack in 2017 demonstrated practical collisions), and like MD5, it is too fast for secure password hashing.
Option D ("Bcrypt"): Bcrypt is specifically designed for password hashing. It is a slow hashing algorithm with a configurable work factor (cost factor), making it resistant to brute-force attacks. It also includes a built-in salt to prevent rainbow table attacks. Bcrypt is widely recommended by security standards (e.g., OWASP, NIST) for secure password storage and is the most secure option among those listed.
The correct answer is D, aligning with the CAP syllabus under "Password Hashing" and "Cryptographic Best Practices."References: SecOps Group CAP Documents - "Secure Password Storage," "Hashing Algorithms," and "OWASP Password Storage Cheat Sheet" sections.
