A passphrase is turned into a virtual password, but what exactly is a virtual password?
A. The length and format that is required for a specific system or application
B. When a passphrase is turned into an encryption key
C. A hashed version of the passphrase
D. An encrypted version of the passphrase
Explanation:
A virtual password is the length and format that is required by the application. The application could have a memory segment of 128 bits to store your virtual password while another application may have a memory segment of 256 bits. The virtual password is just the result of your passphrase after it has been hashed or encrypted and converted into the format that is required for a specific application.
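As an added illustration (not part of the original explanation or of the cited book), the Python sketch below turns one passphrase into virtual passwords of 128 and 256 bits and verifies a login attempt against the stored value. PBKDF2-HMAC-SHA256, the application names and the iteration count are assumptions chosen for the example; the explanation only says the passphrase is hashed or encrypted.

```python
import hashlib
import hmac
import os

# Hypothetical applications and the size of the field each one reserves
# for the virtual password (the 128/256-bit sizes come from the explanation).
APP_FIELD_BITS = {"app_128": 128, "app_256": 256}
ITERATIONS = 200_000  # assumed work factor for this example


def virtual_password(passphrase: str, salt: bytes, bits: int) -> bytes:
    """Transform a passphrase of any length into exactly bits/8 bytes."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, ITERATIONS, dklen=bits // 8
    )


def enroll(app: str, passphrase: str) -> dict:
    """Keep only the salt and the virtual password, never the passphrase."""
    salt = os.urandom(16)
    vp = virtual_password(passphrase, salt, APP_FIELD_BITS[app])
    return {"app": app, "salt": salt, "vp": vp}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive from the attempt and compare in constant time."""
    bits = APP_FIELD_BITS[record["app"]]
    candidate = virtual_password(attempt, record["salt"], bits)
    return hmac.compare_digest(candidate, record["vp"])


if __name__ == "__main__":
    # Constructed sample passphrase, far longer than either storage field.
    phrase = "my dog chases the mail carrier every single morning"
    for app in APP_FIELD_BITS:
        rec = enroll(app, phrase)
        print(app, len(rec["vp"]) * 8, "bits:", rec["vp"].hex())
        print("  right passphrase accepted:", verify(rec, phrase))
        print("  wrong passphrase accepted:", verify(rec, phrase + "!"))
```

Whatever the length of the passphrase typed by the user, each application ends up storing a value of exactly the size its field requires.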
The given answers are, according to my understanding of Shon Harris’ “All in One CISSP” 5th ed. answer regarding what is derived from a passphrase, debatable.
She answers “Most systems do not use the actual passphrase or password the user enters. Instead, they put this value through some type of encryption or hashing function to come up with another format of that value, referred to as a virtual password” (p. 276).
According to this, I would say A.
I found this definition of what a virtual password is in an article, “A Virtual Password Scheme to Protect Passwords” by Lei, Xiao, et al., on the Internet.
They defined it this way:
“A virtual password is a password which cannot be applied directly but instead generates a dynamic password which is submitted to the server for authentication. A virtual password P is composed of two parts, a fixed alphanumeric F and a function B from the domain ψ to ψ, where the ψ is the letter space which can be used as passwords. We have P=(F, B) and B(F, R) = Pd, where R is a random number provided by the server (called the random salt and prompted in the login screen by the server) and Pd is a dynamic password used for authentication. Since we call P=(F, B) a virtual password, we call B a virtual function. The user input includes (ID, Pd), where ID is user ID. On the server side, the server can also calculate Pd in the same way to compare it with the submitted password.”
HTH
I think the answer is “C”; it is a hashed version of the password, i.e. virtual password.
In Shon Harris’ 6th Edition All-In-One Exam Guide on pp. 223-4, she writes “The user enters this phrase into an application, and the application transforms the value into a virtual password, making the passphrase the length and format that is required by the application.”
That explains why A is the answer.
There shouldn’t be any debate about this; just check Shon Harris 6th edition All-in-One Exam Guide on pp. 223-4. You will know the reason why A is the answer.
A