
Weekly CISSP Practice

Exam Questions

Week 33 - Question 1

Which of the following is NOT a property of Secure Hash Algorithm (SHA)?

A.  Irreversible
B.  Fixed-length Output
C.  Variable-length Output
D.  Collision Resistance

Answer: C
Explanation:

A. Irreversible (One-Way Function)

A primary requirement of a cryptographic hash is that it must be a "one-way" function.

  • The Concept: It should be computationally easy to generate a hash from a piece of data, but computationally infeasible to take the hash and "reverse" it to find the original data.

  • Why it matters: This is why we store "hashes" of passwords instead of the passwords themselves; if the database is stolen, the attacker cannot simply read the passwords.

B. Fixed-length Output

Regardless of whether you hash a single word or an entire library of books, the resulting hash will always be the exact same size.  

  • The Mechanism: For example, SHA-256 always produces a 256-bit (64-character hex) string.

  • Why it's a property: This makes hashes predictable for storage in databases and for use in digital signatures.

C. Variable-length Output

This is the correct answer because standard SHA algorithms do not produce variable-length output.

  • Why it's the Answer: If a hash function produced variable-length outputs, it would leak information about the size of the input data, potentially weakening its security. Furthermore, it would make it impossible to use the hash in fixed-size data structures.

  • The Nuance: While there are modern functions called "Extendable-Output Functions" (XOFs), like SHAKE, standard SHA algorithms are strictly fixed-length.

D. Collision Resistance

A "collision" occurs when two different inputs produce the exact same hash output.

  • The Requirement: In a secure algorithm like SHA-256 or SHA-3, it should be computationally infeasible to find two different inputs that result in the same hash.

  • The Risk: If an algorithm is not collision-resistant (like the now-obsolete MD5 or SHA-1), an attacker could substitute a malicious file for a legitimate one without changing the file's hash.


Key Takeaway for the CISSP Exam

To be considered a "Cryptographic Hash," the algorithm must satisfy five main properties:

  1. Deterministic: The same input always results in the same output.

  2. Quick to Compute: The process should be efficient.

  3. Pre-image Resistance: Given a hash, it’s hard to find the input (One-way).  

  4. Avalanche Effect: A tiny change in the input (like changing one bit) results in a drastically different hash.

  5. Collision Resistance: It’s hard to find two different inputs with the same hash.
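
Several of these properties can be observed directly. The following Python sketch is an added example, not part of the original question: it measures digest size across very different input lengths, quantifies the avalanche effect by flipping every input bit in turn, and contrasts SHA with the SHAKE XOF mentioned under option C. The helper names and the sample message are constructed for illustration.

```python
import hashlib

def digest_lengths(sizes, algo="sha256"):
    """Digest sizes in bytes observed across inputs of very different lengths."""
    return {len(hashlib.new(algo, b"A" * n).digest()) for n in sizes}

def flip_bit(data, bit_index):
    """Return a copy of data with exactly one bit inverted."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)

def hamming_bits(a, b):
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche_profile(message, algo="sha256"):
    """Flip every input bit in turn; return (min, mean, max) fraction of digest bits changed."""
    base = hashlib.new(algo, message).digest()
    out_bits = len(base) * 8
    fractions = [
        hamming_bits(base, hashlib.new(algo, flip_bit(message, i)).digest()) / out_bits
        for i in range(len(message) * 8)
    ]
    return min(fractions), sum(fractions) / len(fractions), max(fractions)

def shake_output(message, n_bytes):
    """SHAKE256 is an XOF: the caller, not the input, chooses the output length."""
    return hashlib.shake_256(message).digest(n_bytes)

# Constructed sample input, used only for this demonstration.
SAMPLE = b"CISSP week 33: hash properties!!"  # 32 bytes -> 256 single-bit flips

if __name__ == "__main__":
    sizes = [0, 1, 55, 56, 64, 1000, 1_000_000]
    for algo in ("sha1", "sha256", "sha512", "sha3_256"):
        print(f"{algo:9s} digest sizes seen: {digest_lengths(sizes, algo)}")
    lo, mean, hi = avalanche_profile(SAMPLE)
    print(f"SHA-256 avalanche: min={lo:.3f} mean={mean:.3f} max={hi:.3f}")
    print("SHAKE256, 16 bytes requested:", shake_output(SAMPLE, 16).hex())
    print("SHAKE256, 32 bytes requested:", shake_output(SAMPLE, 32).hex())
```

Each SHA variant reports a single digest size no matter how large the input is, and a one-bit change flips roughly half of the 256 output bits.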
