.NET:PasswordDeriveBytes和Rfc2898DeriveBytes的区别 [英] .NET: Difference between PasswordDeriveBytes and Rfc2898DeriveBytes
问题描述
我想了解一些C# - code,我一直在流传,其中涉及加密技术,特别是使用 PasswordDeriveBytes 从 System.Security.Cryptography 。
I'm trying to understand some C#-code, I have been handed, which deals with cryptography, and specifically uses PasswordDeriveBytes from System.Security.Cryptography.
在<一个href="http://msdn.microsoft.com/en-us/library/system.security.cryptography.passwordderivebytes.aspx">.NET文档,它说, PasswordDeriveBytes 使用也就是后来的指定为PKCS#5 V2.0标准文件中的PBKDF1算法的扩展 ,这是PBKDF2(据我可以告诉)。到处在网上我发现了(这里包括对堆栈交换),虽然大家都说使用Rfc2898DeriveBytes,造成密码*是pcated德$ P $和使用PBKDF1。但在文档的 msdn.microsoft.com 唯一的区别似乎是在RFC * -version专门提到PBKDF2,其中密码*说: 扩展PBKDF1的和PKCS#5 2.0版。
In the .NET docs , it says that PasswordDeriveBytes uses "an extension of the PBKDF1 algorithm" which is later in the document specified as "the PKCS#5 v2.0 standard", which is PBKDF2 (as far as I can tell). Everywhere on the net I've found (including here on Stack Exchange), though, everyone says "use Rfc2898DeriveBytes, cause Password* is deprecated and uses PBKDF1". But the only difference in the docs at msdn.microsoft.com seems to be that the Rfc*-version specifically mentions PBKDF2, where Password* says "extension of PBKDF1" and "PKCS#5 v 2.0".
那么,谁能告诉我不同的是两个阶级之间有什么(如果有的话),我为什么要使用一个而不是其他的PBKDF2密码密钥导出?
So, can anyone tell me what the difference is between the two classes (if any) and why I should use one rather than the other for PBKDF2 password key derivation?
现在,其他的code,具有相同的数据处理,明确地使用PBKDF2和作品,所以这将表明,的确 PasswordDeriveBytes 也使用PBKDF2,或这PBKDF2是简单地在某些情况下PBKDF1兼容的,但我想知道肯定,这不是一些随意的事情一定的副作用,那事情就神奇地运行(并且最终可能会奇迹般地和壮观的突破),没有任何人真正理解为什么
Now, other code, that deals with the same data, explicitly uses PBKDF2, and works, so that would suggest that indeed PasswordDeriveBytes also uses PBKDF2, or that PBKDF2 is simply compatible with PBKDF1 under certain circumstances, but I want to know for sure that it's not some side effect of some random thing, and that things just magically works (and eventually probably will magically and spectacularly break) without anyone really understanding why.
推荐答案
下面是一个博客文章,详细说明差异:
Here's a blog post detailing the differences:
的http://blogs.msdn.com/b/shawnfa/archive/2004/04/14/generating-a-key-from-a-password.aspx
PBKDF2可用于生成任何长度,这对于基于密码的加密非常有用的键但意味着较少的安全密码(所要求的对称密码就可以产生任何密钥长度)存储。它也适用于使用,而不是串联像PBKDF1,这在弱盐的情况下,具有较好的安全性HMAC盐。
PBKDF2 can be used to generate keys of any length, which is very useful for password-based encryption (it can generate any key length as required by the symmetric cipher) but means less for secure password storage. It also applies the salt using HMAC instead of concatenation like PBKDF1, which has better security properties in cases of weak salts.
这篇关于.NET:PasswordDeriveBytes和Rfc2898DeriveBytes的区别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
