C# PasswordDeriveBytes 混淆

C# PasswordDeriveBytes Confusion(C# PasswordDeriveBytes 混淆)
本文介绍了C# PasswordDeriveBytes 混淆的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我在 C# 中有以下代码

I have following code in C#

PasswordDeriveBytes DerivedPassword = new PasswordDeriveBytes(Password, SaltValueBytes, HashAlgorithm, PasswordIterations);
byte[] KeyBytes = DerivedPassword.GetBytes(32);

我正在使用SHA1"哈希算法.

I am using "SHA1" hashing algorithm.

根据 SHA1 定义,它生成 160 位(20 字节)的密钥.我的问题是 GetBytes 方法如何从 DerivedPassword 中获取 32 个字节,GetBytes 方法背后使用了什么算法?

According to SHA1 definition, its generate 160 bits (20 bytes) key. My question is how GetBytes method get 32 bytes from DerivedPassword, what algorithm used behind GetBytes method?

推荐答案

Microsoft 对原始 PKCS#5(又名 PBKDF1)的实现包括 insecure 扩展,以提供比散列函数所能提供的更多的字节(参见错误报告此处和这里).

Microsoft's implementation of original PKCS#5 (aka PBKDF1) include insecure extensions to provide more bytes than the hash function can provide (see bug reports here and here).

即使它没有错误,您也应该避免对标准进行未记录的专有扩展(否则您将来可能永远无法解密您的数据 - 至少不能在 Windows 之外.)

Even if it was not buggy you should avoid undocumented, proprietary extensions to standards (or you might never be able to decrypt your data in the future - at least not outside Windows.)

强烈建议您使用更新的 Rfc2898DeriveBytes,它实现了自 .NET 2.0 起可用的 PBKDF2 (PKCS#5 v2).

I strongly suggest you to use the newer Rfc2898DeriveBytes which implements PBKDF2 (PKCS#5 v2) which is available since .NET 2.0.

这篇关于C# PasswordDeriveBytes 混淆的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

相关文档推荐

Custom Error Queue Name when using EasyNetQ for RabbitMQ?(使用 EasyNetQ for RabbitMQ 时自定义错误队列名称?)
How to generate password_hash for RabbitMQ Management HTTP API(如何为 RabbitMQ 管理 HTTP API 生成密码哈希)
Rabbitmq Ack or Nack, leaving messages on the queue(Rabbitmq Ack 或 Nack,将消息留在队列中)
Setup RabbitMQ consumer in ASP.NET Core application(在 ASP.NET Core 应用程序中设置 RabbitMQ 消费者)
Specify Publish timeouts in mass transit(指定公共交通中的发布超时)
RabbitMQ asynchronous support(RabbitMQ 异步支持)