Passphrase Authentication: Conversion Process | SSCP Exam Guide

Understanding the Passphrase Conversion Process


Question

When submitting a passphrase for authentication, the passphrase is converted into ...

Answers

Explanations



A.

Passwords can be compromised and must be protected.

In the ideal case, a password should only be used once.

The changing of passwords can also fall between these two extremes.

Passwords can be required to change monthly, quarterly, or at other intervals, depending on the criticality of the information needing protection and the password's frequency of use.

Obviously, the more times a password is used, the more chance there is of it being compromised.

It is recommended to use a passphrase instead of a password. A passphrase is more resistant to attacks. The passphrase is converted into a virtual password by the system. Often the passphrase will exceed the maximum length supported by the system, and it must then be truncated into a virtual password.

Reference(s) used for this question: http://www.itl.nist.gov/fipspubs/fip112.htm and KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, pages 36 & 37.

When a passphrase is submitted for authentication, it goes through a process known as password hashing. Password hashing is a technique that converts a plaintext password or passphrase into a fixed-length string of characters (a hash) derived from that input by a one-way function. The system stores the hash instead of the plaintext password.

The purpose of password hashing is to make it harder for attackers to obtain passwords if the stored credentials are exposed in a breach. Because the hash is produced by a one-way function, it is difficult to reverse-engineer the password from the hash alone.

In summary, when a passphrase is submitted for authentication, it is converted into a hash by the system using a password hashing algorithm. This hash is then stored by the system and is used to compare against the hash of the passphrase entered during subsequent login attempts. If the hashes match, the user is authenticated and granted access to the system.
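The enrolment-and-login cycle described above, as an added example written for this page (it is not code from the exam guide or from the references it cites). It uses PBKDF2 from Python's standard library; the hash name, iteration count, salt size and output length are assumed values chosen for illustration. The system stores only the random per-user salt, the parameters and the derived hash, never the passphrase, and the same computation is repeated at each login and compared in constant time. Because the output length is fixed by the function rather than by the input, a passphrase of any length yields a stored value of the same size.

```python
import hashlib
import hmac
import os
from typing import Optional

# Key-derivation parameters (assumed values for this example, not from the page).
HASH_NAME = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
DERIVED_LEN = 32  # fixed stored length, independent of passphrase length


def make_verifier(passphrase: str, salt: Optional[bytes] = None) -> dict:
    """Convert a passphrase into the fixed-length record the system stores.

    A fresh random salt is drawn per enrolment so that two users with the same
    passphrase do not end up with the same stored hash. The plaintext passphrase
    is discarded once the hash has been computed.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        HASH_NAME, passphrase.encode("utf-8"), salt, ITERATIONS, dklen=DERIVED_LEN
    )
    return {"alg": HASH_NAME, "iterations": ITERATIONS, "salt": salt, "hash": digest}


def verify_passphrase(record: dict, candidate: str) -> bool:
    """Recompute the hash for a login attempt and compare it with the stored one.

    hmac.compare_digest compares in constant time, so the comparison does not
    leak how many leading bytes of the candidate's hash matched.
    """
    digest = hashlib.pbkdf2_hmac(
        record["alg"],
        candidate.encode("utf-8"),
        record["salt"],
        record["iterations"],
        dklen=len(record["hash"]),
    )
    return hmac.compare_digest(digest, record["hash"])


def stored_length(passphrase: str) -> int:
    """Length in bytes of what the system stores for this passphrase."""
    return len(make_verifier(passphrase)["hash"])


if __name__ == "__main__":
    # Constructed sample passphrase for the demonstration.
    record = make_verifier("correct horse battery staple")
    print("stored hash (hex):", record["hash"].hex())
    print("correct passphrase accepted:", verify_passphrase(record, "correct horse battery staple"))
    print("wrong passphrase rejected:", not verify_passphrase(record, "correct horse battery stapler"))
    print("stored length for a 300-character passphrase:", stored_length("x" * 300))
```

Storing the parameters alongside the hash is what lets the system raise the iteration count later and re-hash users at their next successful login without invalidating existing records.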