SY0-401 Free Dumps Study Materials
Question 25: The Chief Technology Officer (CTO) wants to improve security surrounding storage of
customer passwords.
The company currently stores passwords as SHA hashes. Which of the following can the CTO
implement while requiring the LEAST change to existing systems?
A. Smart cards
B. TOTP
C. Key stretching
D. Asymmetric keys
Correct Answer: A
Explanation:
Smart cards usually come in two forms. The most common takes the form of a rectangular piece of
plastic with an embedded microchip. The second is a USB token. A smart card contains a built-in
processor and has the ability to securely store and process information. A "contact" smart card
communicates with a PC through a smart card reader, whereas a "contactless" card sends encrypted
information to the PC via radio waves.
Typical scenarios in which smart cards are used include interactive logon, e-mail signing, e-mail
decryption and remote access authentication. However, smart cards are programmable and can
contain programs and data for many different applications. For example, smart cards may be used to
store medical histories for use in emergencies, to make electronic cash payments, or to verify the
identity of a customer to an e-retailer.
Microsoft provides two device-independent APIs to insulate application developers from differences
between current and future implementations: CryptoAPI and the Microsoft Win32 SCard APIs.
The Cryptography API contains functions that allow applications to encrypt or digitally sign data in a
flexible manner, while providing protection for the user's sensitive private key data. All cryptographic
operations are performed by independent modules known as cryptographic service providers (CSPs).
There are many different cryptographic algorithms, and even when implementing the same algorithm
there are many choices to make, about key sizes and padding for example. For this reason, CSPs are
grouped into types, in which each supported CryptoAPI function, by default, performs in a way
particular to that type. For example, CSPs in the PROV_DSS provider type support DSS signatures and
MD5 and SHA hashing.
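The question contrasts the company's current storage of passwords as SHA hashes with key stretching (option C). As an added example, not part of these study materials, the Python below puts the two side by side: an unsalted SHA-256 digest, and PBKDF2-HMAC-SHA256, which reuses the same SHA primitive but adds a per-password random salt and an iteration count (work factor). The sample password, iteration count and `scheme$iterations$salt$digest` storage format are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for this example; raise the iteration count as hardware gets faster.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def legacy_sha_hash(password: str) -> str:
    """Unsalted SHA-256, as in 'stores passwords as SHA hashes': one fast hash,
    so identical passwords give identical digests and there is no work factor."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def stretched_hash(password: str, salt: Optional[bytes] = None,
                   iterations: int = PBKDF2_ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA256: same SHA primitive, but salted and iterated.
    Returns a self-describing record 'pbkdf2_sha256$iterations$salt_hex$digest_hex'
    so the verifier can recover the parameters without a schema change."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_stretched(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), digest_hex)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("legacy sha256 :", legacy_sha_hash(pw))
    print("legacy again  :", legacy_sha_hash(pw), "(identical: no salt)")
    h1, h2 = stretched_hash(pw), stretched_hash(pw)
    print("pbkdf2 #1     :", h1)
    print("pbkdf2 #2     :", h2, "(differs: random salt)")
    print("verify ok     :", verify_stretched(pw, h1))
    print("verify wrong  :", verify_stretched("wrong password", h1))
```

Run twice with the same password: the legacy digest repeats exactly, while each PBKDF2 record differs because of its salt and still verifies.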