Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack encrypted data at rest?

A. Use of symmetric encryption
B. Use of asymmetric encryption
C. Random key generation
D. Short key length