PasswordDeriveBytes vs Rfc2898DeriveBytes, Obsolete but way faster


Problem description

I'm working on an encryption functionality based on classes inherited from SymmetricAlgorithm such as TripleDes, DES, etc.

Basically there are two options to generate a consistent key and IV for my algorithm class, PasswordDeriveBytes and Rfc2898DeriveBytes, both inherit from the DeriveBytes abstract class.

The PasswordDeriveBytes.GetBytes() method is marked as obsolete in .NET framework while Rfc2898DeriveBytes.GetBytes() is recommended, as it matches the PBKDF2 standard. However, based on my testing, calling the same GetBytes() method in Rfc2898DeriveBytes class is almost 15 times slower than that in PasswordDeriveBytes class, which leads to unexpected CPU usage (always higher than 50%).

Here is some test data:

  • Iterations: 100
  • Algorithm type: DES
  • Original Text: "I'm a test key, encrypt me please"
  • Time:
    • PasswordDeriveBytes: 99ms
    • Rfc2898DeriveBytes: 1,373ms

Based on the testing, the bad performance of Rfc2898DeriveBytes is not acceptable in a production environment.

Has anyone noticed this problem before? Any solution I can still use a standard one without hitting the performance? Any risk to use an obsolete method (could be removed in future version)?

Thanks, everyone!

Edit:

Probably I found where the problem is... The default iteration count number for PasswordDeriveBytes is 100, while for Rfc2898DeriveBytes is 1000. After I changed them to the same number as 1000, executing Rfc2898DeriveBytes is only double time.

Recommended answer

This blogpost talks about the differences between the two: http://blogs.msdn.com/shawnfa/archive/2004/04/14/generating-a-key-from-a-password.aspx
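
An added example, not part of the original question or answer: it times both classes with the iteration count and hash passed explicitly and set to the same values, which is the like-for-like comparison the question's edit arrives at, then splits one derivation into a DES key and IV. The class name, password, salt and round count are constructed; it assumes .NET Framework 4.7.2 or later for the `HashAlgorithmName` constructor overload.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;

static class KdfTiming   // hypothetical name, added example
{
    const int Rounds = 100;        // derivations timed per class (constructed)
    const int Iterations = 1000;   // passed explicitly to BOTH classes

    static long TimeMs(Func<byte[]> derive)
    {
        derive();                  // warm-up so JIT cost is not measured
        var sw = Stopwatch.StartNew();
        for (int i = 0; i < Rounds; i++) derive();
        return sw.ElapsedMilliseconds;
    }

    static void Main()
    {
        const string password = "constructed-sample-password";
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);

        // DES needs an 8-byte key and an 8-byte IV: derive 16 bytes, then split.
        Func<byte[]> legacy = () =>
        {
            using (var kdf = new PasswordDeriveBytes(password, salt, "SHA1", Iterations))
            {
#pragma warning disable 618    // GetBytes is marked obsolete, as the question notes
                return kdf.GetBytes(16);
#pragma warning restore 618
            }
        };
        Func<byte[]> pbkdf2 = () =>
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA1))
                return kdf.GetBytes(16);
        };

        Console.WriteLine("PasswordDeriveBytes: {0} ms", TimeMs(legacy));
        Console.WriteLine("Rfc2898DeriveBytes:  {0} ms", TimeMs(pbkdf2));

        byte[] material = pbkdf2();
        byte[] key = new byte[8], iv = new byte[8];
        Buffer.BlockCopy(material, 0, key, 0, 8);
        Buffer.BlockCopy(material, 8, iv, 0, 8);
        Console.WriteLine("key bytes: {0}, IV bytes: {1}", key.Length, iv.Length);
    }
}
```

PBKDF2's cost is linear in the iteration count by design; that cost is what slows password guessing.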
