CompTIA Security+ Exam Practice Questions

Increase Computing Time for Offline Password Brute Force Attacks


Question

Which of the following are used to increase the computing time it takes to brute force a password using an offline attack? (Choose two.)

Answers

Explanations


A. B. C. D. E.

BC.

The two options that are used to increase the computing time it takes to brute force a password using an offline attack are PBKDF2 and bcrypt.

PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that applies a cryptographic hash function, such as SHA-1 or SHA-256, to a password along with a salt value and a number of iterations. The number of iterations is set to a high value to increase the amount of time it takes to compute each hash. The result is a derived key that can be used as a password or as an encryption key.

Bcrypt is another password hashing function that uses a variant of the Blowfish cipher. Bcrypt applies the cipher multiple times to the password and a randomly generated salt value. The number of times the cipher is applied is determined by a work factor parameter, which is set to a high value to increase the amount of time it takes to compute each hash.

By using these techniques, the time required to brute force a password offline can be increased significantly. This is because each attempt at guessing a password requires the attacker to compute the hash function multiple times, which can take a long time when the number of iterations or work factor is set high.

The other options listed in the question, XOR, HMAC, and RIPEMD, are not used to increase the computing time it takes to brute force a password using an offline attack. XOR is a binary operation used in cryptography to encrypt data, HMAC is a message authentication code that uses a cryptographic hash function, and RIPEMD is a family of cryptographic hash functions.
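Added example (not part of the original page): PBKDF2 written out in Python so the iteration count described above is visible as repeated HMAC calls, which is why a single HMAC pass adds no meaningful cost while PBKDF2 does. The function names, the sample inputs, and the `ITERATIONS` value are assumptions chosen for illustration; bcrypt is not shown because it is not in the Python standard library.

```python
import hashlib
import hmac
import os
import struct
import time

ITERATIONS = 600_000  # assumed sample value; tune to your own hardware and latency budget


def pbkdf2(hash_name, password, salt, iterations, dklen):
    """PBKDF2 (RFC 8018) written out; returns (derived_key, hmac_calls)."""
    hlen = hashlib.new(hash_name).digest_size
    out, calls = b"", 0
    for block in range(1, -(-dklen // hlen) + 1):
        # First pass mixes in the salt and the block index.
        u = hmac.new(password, salt + struct.pack(">I", block), hash_name).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        # Every further iteration is one more HMAC the guesser must also pay for.
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen], calls


def hash_password(password, iterations=ITERATIONS):
    """Create a stored record: a fresh random salt, the cost, and the derived key."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_password(password, record):
    """Recompute with the stored salt and cost; compare in constant time."""
    salt, iterations, dk = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)


if __name__ == "__main__":
    # Constructed inputs: time one derivation at increasing iteration counts.
    for n in (1, 10_000, ITERATIONS):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"constructed-sample", b"constructed-salt", n)
        print(f"{n:>7} iterations: {time.perf_counter() - start:.4f} s per guess")
```

Storing the salt and iteration count beside the derived key lets the cost be raised later without invalidating existing records, since each record is verified with its own parameters.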