A company stores application passwords in a database that could be stolen during a breach. The team wants to prevent attackers from using precomputed tables and also make identical passwords produce different stored values. Which two changes should be implemented? Select two.
Unique salts defeat rainbow tables and ensure matching passwords do not produce identical outputs.
Why this answer
A unique random salt ensures that even if two users have the same password, their stored hashes differ, because the salt is combined with the password before hashing. This prevents attackers from using precomputed rainbow tables, as each salt forces a separate table to be generated. Salting does not slow down the hash itself, but it removes the efficiency advantage of precomputed attacks.
Exam trap
The trap here is that candidates often think encryption (Option C) is sufficient for password storage. Encryption with a stored key is reversible and vulnerable if the key is compromised, whereas hashing with a salt is one-way and specifically designed to resist precomputed attacks.