Online Introduction-to-Cryptography Questions Video

A salt is a unique, random value stored alongside a password hash and combined with the password during hashing. Its main security benefit is that it ensures identical passwords do not produce identical hashes across different accounts or systems. If two users choose the same password, their stored hashes will differ because their salts differ, which directly prevents attackers from spotting shared passwords by comparing hashes. Salts also defeat precomputation attacks such as rainbow tables, because an attacker would need to regenerate tables for each possible salt value—a task that becomes infeasible when salts are large and unique per password. Salt does not enforce password complexity rules (that’s a policy/validation function), does not guarantee users choose different passwords, and does not prevent password reuse across sites. The correct statement is that salt makes the resulting hash different even for the same password, improving resistance to offline cracking at scale and eliminating the “same hash = same password” shortcut attackers rely on.

OTP systems (such as HOTP and TOTP) generate a sequence of passwords using a shared secret and a moving factor (counter or time). The critical secret that underpins the ability to compute past or future OTP values is the seed (also called the shared secret key). In HOTP, the seed is used with an HMAC function and an incrementing counter; in TOTP, the seed is used with HMAC and a time-step value. If an attacker obtains the seed and knows the algorithm and moving factor, they can compute future OTPs. The “function” and “encryption algorithm” are typically standardized and public; security relies on keeping the seed secret. An initialization vector is not a standard OTP component in HOTP/TOTP generation. Therefore, the component needed to predict future OTP values is the seed. Protecting the seed is essential: it should be stored securely (e.g., hardware token secure storage) and transmitted only through controlled provisioning processes. If compromised, OTP becomes predictable and no longer serves as a strong second factor.

Large-scale quantum computers threaten many widely deployed public-key algorithms because quantum algorithms can solve their underlying hard math problems efficiently. In particular, Shor’s algorithm can factor large integers and compute discrete logarithms in polynomial time, which directly breaks the security assumptions of RSA (factoring) and traditional Diffie–Hellman/ECC (discrete log). That makes RSA the clearest target among the options. By comparison, symmetric algorithms like AES are affected mainly by Grover’s algorithm, which provides a quadratic speedup for brute force; this can be mitigated by using larger keys (e.g., AES-256). Hash functions like SHA-256 also face Grover-style speedups for preimage search, again mitigated by output length/security margin, and collision resistance is impacted differently. ECB is a mode of operation, not a standalone algorithm, and its issues are classical (pattern leakage), not specifically quantum. Therefore, the algorithm most directly threatened by quantum computing among the choices is RSA.

The Enigma machine is historically known as an electro-mechanical cipher device used primarily by Nazi Germany to secure military and diplomatic communications during World War II. It implemented a polyalphabetic substitution through a system of rotors, a reflector, and a plugboard, producing a large number of possible daily key settings. Operators would configure rotor order, ring settings, initial positions, and plugboard swaps, then type messages to generate ciphertext. Enigma’s operational security depended heavily on correct procedures and secrecy of keys; weaknesses in procedures and design properties, combined with brilliant cryptanalysis and engineering efforts by Allied codebreakers (notably at Bletchley Park), enabled large-scale decryption of Enigma-encrypted traffic. In cryptography history, Enigma represents the transition from manual ciphers to machine-assisted encryption and demonstrates how both mathematics and operational practices determine real-world security. It is not simply an “algorithm” in the modern software sense, and it is not a decryption method or email encryption tool. Therefore, the correct description is that it was a device used for secure communication during WWII.