Ahmed wants to make offline brute-force attacks against his password file very hard for attackers. Which of the following is NOT a popular technique to make passwords more complex to crack?

Retaining the actual password is not a best practice, and thus encrypting password plain text is not a common technique to make passwords harder to crack. Since the application would need the cryptographic key to read the passwords, anybody who had access to that key could decrypt the passwords. Using a salt, a pepper, and a cryptographic hashing algorithm designed for passwords are all common best practices to prevent offline brute-force attacks.