DSA Studio
KDFs & Password Hashing Checkpoint
HKDF, PBKDF2, salts, peppers, and parameter selection.
1. The primary goal of a password hashing KDF is to:
Make offline guessing expensive
Produce a random nonce
Encrypt passwords reversibly
Hide the username
2. A salt primarily prevents:
Precomputed rainbow table attacks
Online rate limiting
Side-channel leakage
Key reuse
3. A pepper is:
A secret value stored separately from the database
A public random salt
An IV for AES
A hash output
4. HKDF has two phases called:
Extract and Expand
Encrypt and Authenticate
Sign and Verify
Pad and Hash
5. The PRK in HKDF is produced by:
HMAC(salt, IKM)
SHA256(IKM)
XOR of IKM and salt
Encrypting IKM with salt
6. PBKDF2 increases attacker cost by:
Repeated HMAC iterations
Adding a random nonce
Using a longer hash output
Encrypting with RSA
7. Memory-hard KDFs (e.g., scrypt/Argon2) add cost by:
Requiring large memory and bandwidth
Using a larger RSA key
Adding extra salts
Making hashes longer
8. HKDF is typically used for:
Deriving multiple keys from a shared secret
Hashing passwords for storage
Encrypting large files directly
Creating random nonces
9. When encoding a password hash, you must store:
Algorithm, parameters, and salt
Only the hash output
Only the salt
Only the iteration count
10. Constant-time comparison is important because:
Timing can leak how many prefix bytes match
It makes hashing faster
It increases entropy
It prevents collisions