在C＃中使用PBKDF2 HMAC SHA-256或SHA-512，如何使用盐和迭代进行哈希密码？ [英] How can I hash passwords with salt and iterations using PBKDF2 HMAC SHA-256 or SHA-512 in C#?

问题描述

我想找到一个解决方案或方法，让我添加盐并控制迭代次数。本地Rfc2898DeriveBytes基于HMACSHA1。理想情况下，使用SHA-256或SHA-512将使系统面向未来。

这是迄今为止发现的最佳示例：，但是当我用SHA-256运行它时，实际上比SHA-512慢。我使用64k次迭代，一个盐和一个不同长度的密码进行比较。

我还发现了这个解决方案： http://sourceforge.net/projects/pwdtknet/ ，其中提供了完整的源代码。似乎更加健壮。

到目前为止，我无法从中获得相同的输出。

解决方案

PWDTK.NET库（ http://sourceforge.net/projects/pwdtknet/）似乎是唯一的实现，我可以发现，PBKDF2 HMAC SHA-512并允许盐和迭代。我无法找到PBKDF2 HMAC SHA-512的测试向量进行测试。

我很惊讶，这里已经没有更多的开发者了。

回答我自己的问题，但是由于评论已经降级为关于速度的讨论，没有人回答过，我也可以这样做。

感谢所有评论者。 / p>

I would like to find a solution or method that will allow me to add salt and control the number of iterations. The native Rfc2898DeriveBytes is based on HMACSHA1. Ideally, using SHA-256 or SHA-512 will make the system future proof.

This is the best example I have found so far: http://jmedved.com/2012/04/pbkdf2-with-sha-256-and-others/ but when I ran it with SHA-256 it was actually slower than with SHA-512. I used 64k iterations, a guid for salt and different same length passwords to compare.

I also found this solution: http://sourceforge.net/projects/pwdtknet/ which has full source code available. It seems to be more robust.

So far I am not able to get the same output from each of them.

解决方案

The PWDTK.NET library (http://sourceforge.net/projects/pwdtknet/) seems to be the only implementation I can find that does PBKDF2 HMAC SHA-512 and allows for salt and iterations. I have not been able to locate test vectors for PBKDF2 HMAC SHA-512 to test with.

I am surprised that there are not more devs out there using this already.

Not a big fan of answering my own questions, but since the comments degraded into a discussion about speed and no one else has answered yet, I might as well.

Thanks for all who commented.

这篇关于在C＃中使用PBKDF2 HMAC SHA-256或SHA-512，如何使用盐和迭代进行哈希密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！