A storage-as-a-service company implements both encryption at rest and encryption in transit of customers’ data. The security administrator is concerned with the overall security of the encrypted customer data stored by the company servers and wants the development team to implement a solution that will strengthen the customer’s encryption key. Which of the following, if implemented, will MOST increase the time an offline password attack against the customers’ data would take?
A. key = NULL ; for (int i=0; i<5000; i++) { key = sha(key + password) }
B. password = NULL ; for (int i=0; i<10000; i++) { password = sha256(key) }
C. password = password + sha(password+salt) + aes256(password+salt)
D. key = aes128(sha256(password), password))