C# PasswordDeriveBytes Confusion


Question

I have the following code in C#:

PasswordDeriveBytes DerivedPassword = new PasswordDeriveBytes(Password, SaltValueBytes, HashAlgorithm, PasswordIterations);
byte[] KeyBytes = DerivedPassword.GetBytes(32);

I am using "SHA1" hashing algorithm.

According to the SHA1 definition, it generates a 160-bit (20-byte) key. My question is how the GetBytes method gets 32 bytes from DerivedPassword, and what algorithm is used behind the GetBytes method?

Recommended answer

Microsoft's implementation of the original PKCS#5 (aka PBKDF1) includes insecure extensions to provide more bytes than the hash function can provide (see bug reports here and here).

Even if it was not buggy, you should avoid undocumented, proprietary extensions to standards (or you might never be able to decrypt your data in the future - at least not outside Windows).

I strongly suggest you use the newer Rfc2898DeriveBytes, which implements PBKDF2 (PKCS#5 v2) and has been available since .NET 2.0.
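
Added example (not part of the original answer and not .NET's own code): PBKDF1 written out as RFC 2898 section 5.1 specifies it, which refuses any request longer than the hash output (20 bytes for SHA-1), next to PBKDF2 through Rfc2898DeriveBytes, which produces 32 bytes within the standard. The names KdfExample and Pbkdf1Sha1, the sample password and salt, the iteration counts and the choice of SHA-256 for PBKDF2 are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class KdfExample
{
    // PBKDF1 per RFC 2898 section 5.1, with SHA-1 as the hash:
    // T_1 = Hash(P || S), T_i = Hash(T_{i-1}), DK = first dkLen bytes of T_c.
    static byte[] Pbkdf1Sha1(byte[] password, byte[] salt, int iterations, int dkLen)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            int hLen = sha1.HashSize / 8; // 20 bytes for SHA-1
            // The standard stops here: output can never exceed one hash value.
            if (dkLen > hLen)
                throw new ArgumentException("derived key too long", nameof(dkLen));

            byte[] t = new byte[password.Length + salt.Length];
            Buffer.BlockCopy(password, 0, t, 0, password.Length);
            Buffer.BlockCopy(salt, 0, t, password.Length, salt.Length);
            for (int i = 0; i < iterations; i++)
                t = sha1.ComputeHash(t);

            byte[] dk = new byte[dkLen];
            Buffer.BlockCopy(t, 0, dk, 0, dkLen);
            return dk;
        }
    }

    static void Main()
    {
        // Constructed sample inputs, for illustration only.
        byte[] password = Encoding.UTF8.GetBytes("correct horse battery staple");
        byte[] salt = Encoding.ASCII.GetBytes("constructed-salt");

        Console.WriteLine(Pbkdf1Sha1(password, salt, 1000, 20).Length);
        try { Pbkdf1Sha1(password, salt, 1000, 32); }
        catch (ArgumentException e) { Console.WriteLine(e.Message); }

        // PBKDF2 computes each output block as an HMAC chain over
        // (salt || block index), so any key length is defined by the standard.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
        {
            byte[] key = kdf.GetBytes(32);
            Console.WriteLine(key.Length);
        }
    }
}
```

The two derivations produce different keys from the same password and salt, so data encrypted under a PasswordDeriveBytes key has to be decrypted with the old key and re-encrypted after switching.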
