Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack encrypted data at rest? 

Answer options:

A. Use of symmetric encryption
B. Use of asymmetric encryption
C. Random key generation
D. Short key length

D