Which statement about MD5 is accurate?

Study for the EC-Council Certified Security Specialist (ECSS) Test. Enhance your skills with flashcards and multiple-choice questions; each question provides hints and explanations. Prepare confidently for your exam!

Multiple Choice

Which statement about MD5 is accurate?

Explanation:
MD5 is a cryptographic hash function that takes input data and produces a fixed-size 128-bit digest. It isn’t an encryption method—it doesn’t use keys and isn’t reversible. This makes it useful for creating a fingerprint of data to verify integrity, rather than for hiding information.

The statement describes MD5 as a hashing algorithm used for digital signatures and password storage, which is accurate in concept. In digital signatures, a hash of the message is created and then signed with a private key, binding the signature to the content without signing the entire message. For passwords, the common approach is to hash the password and store the hash; during login, the provided password is hashed again and compared to the stored value.

However, MD5 has significant weaknesses. It has known collision vulnerabilities, meaning two different inputs can produce the same hash, and its speed makes it easy to perform brute-force or rainbow-table attacks. Because of these issues, MD5 is no longer trusted for new systems. For signatures, stronger hashes (like SHA-256 or better) are preferred, and for passwords, salted, iterated hashing algorithms (such as bcrypt, scrypt, or Argon2) are recommended.
