CISSP All Domains Practice test 12

We could use nonces, salting and key stretching as well as minimum password age. Nonce is arbitrary number that may only be used once. Salting is random data that is used as an additional input to a one-way function that hashes a password or passphrase. Key stretching – Adding 1-2 seconds to password verification. If an attacker is brute forcing password and need millions of attempts it will become an unfeasible attack. Minimum password age is used to prevent users from cycling through passwords to return to their favorite password again.