Loading page
Review the challenge brief, files, and requirements.
You're analyzing a system with these password storage implementations:
System A: SHA256(password) - no salt
System B: MD5(salt + password) - 16-byte random salt per user
System C: bcrypt(password, cost=10)
System D: SHA256(SHA256(password)) - double hashing
You have obtained a database dump with 10,000 password hashes. Which system is MOST vulnerable to an attack that recovers the MOST passwords in 24 hours using a GPU cluster?
Sign in to attempt this challenge.
Use Proving Grounds to continue your challenge practice.
Open Proving Grounds