Security+ Question of the Week: Risk of Collision

Which of the following has the highest risk of collision?

A. SHA‐1
B. HMAC
C. MD5
D. SHA‐2

Reveal Answer

The correct answer is C.

The highest risk of collision is based on the shorted hash value output length. From this list of MD5 has the shortest with 128 bit hash value length. SHA-1 has 160 bit hash value length, and SHA-2 has hash value length starting as 224 increasing from there. HMAC is not a hashing algorithm, instead it is an implementation of hashing. HMAC can use any hashing algorithm, such as MD5 or SHA-1, then adds the use of a symmetric key as a randomness source in order to produce a more complex hash. It does not produce an encrypted hash. Since HMAC can use any hashing algorithm, it is not necessarily using MD5 and with the added randomness, collisions are less common that with MD5 on its own.

 

Related Courses
Security+ Prep Course (SY0-401)
Security+ Certification Boot Camp (SY0-401)

Security+ Question of the Week (SY0-401) Series

• Security+ Question of the Week: Deploying a Firewall
• Security+ Question of the Week: Flood Guard
• Security+ Question of the Week: iSCSI
• Security+ Question of the Week: Wireless MAC Filtering
• Security+ Question of the Week: Quantitative Analysis
• Security+ Question of the Week: Contracts
• Security+ Question of the Week: System Clock
• Security+ Question of the Week: Security Breach Incident Response
• Security+ Question of the Week: Reduce Electrostatic Discharge
• Security+ Question of the Week: Planting Malware
• Security+ Question of the Week: Network Hardening
• Security+ Question of the Week: Fuzzing
• Security+ Question of the Week: Single Sign‐On
• Security+ Question of the Week: Digital Envelope
• Security+ Question of the Week: Confining Communications to a Subnet
• Security+ Question of the Week: DoS Tool
• Security+ Question of the Week: Intranet Defense
• Security+ Question of the Week: War Driving
• Security+ Question of the Week: User Rights and Permissions Checks
• Security+ Question of the Week: Third Party Partnerships
• Security+ Question of the Week: Indicator of Integrity
• Security+ Question of the Week: Incident Response Procedure
• Security+ Question of the Week: Good Password Behavior
• Security+ Question of the Week: Tailgating
• Security+ Question of the Week: Differential Backup
• Security+ Question of the Week: Government and Military
• Security+ Question of the Week: Backdoor
• Security+ Question of the Week: Wrong Name or Address
• Security+ Question of the Week: Increase in Email Hoaxes
• Security+ Question of the Week: Suspicious Location-Based Messages
• Security+ Question of the Week: Session Hijack
• Security+ Question of the Week: Definition of a Threat
• Security+ Question of the Week: Dismiss Alarms
• Security+ Question of the Week: NoSQL vs. SQL Database
• Security+ Question of the Week: BYOD Compliance
• Security+ Question of the Week: Missing Storage Devices
• Security+ Question of the Week: Data Processed by an Application
• Security+ Question of the Week: LDAP Port
• Security+ Question of the Week: Authentication System
• Security+ Question of the Week: Cryptographic Solution
• Security+ Question of the Week: Risk of Collision

from
CERTIVIEW