问题描述
我想在 c# 中使用 Rfc2898 来派生密钥.我还需要使用 SHA256 作为 Rfc2898 的摘要.我找到了类 Rfc2898DeriveBytes
,但它使用 SHA-1,我看不出有办法让它使用不同的摘要.
I want to use Rfc2898 in c# to derive a key. I also need to use SHA256 as Digest for Rfc2898. I found the class Rfc2898DeriveBytes
, but it uses SHA-1 and I don't see a way to make it use a different digest.
有没有办法在 c# 中使用 Rfc2898 和 SHA256 作为摘要(没有从头开始实现它)?
Is there a way to use Rfc2898 in c# with SHA256 as digest (short of implementing it from scratch)?
推荐答案
查看 Bruno Garcia 的回答.
See Bruno Garcia's answer.
Carsten:请接受那个答案而不是这个答案.
Carsten: Please accept that answer rather than this one.
在我开始回答这个问题时,Rfc2898DeriveBytes 无法配置为使用不同的哈希函数.但与此同时,它也得到了改进.见布鲁诺加西亚的回答.以下函数可用于生成用户提供的密码的哈希版本,以存储在数据库中用于身份验证.
At the time I started this answer, Rfc2898DeriveBytes was not configurable to use a different hash function. In the meantime, though, it has been improved; see Bruno Garcia's answer. The following function can be used to generate a hashed version of a user-provided password to store in a database for authentication purposes.
对于旧 .NET 框架的用户,这仍然很有用:
For users of older .NET frameworks, this is still useful:
// NOTE: The iteration count should
// be as high as possible without causing
// unreasonable delay. Note also that the password
// and salt are byte arrays, not strings. After use,
// the password and salt should be cleared (with Array.Clear)
public static byte[] PBKDF2Sha256GetBytes(int dklen, byte[] password, byte[] salt, int iterationCount){
using(var hmac=new System.Security.Cryptography.HMACSHA256(password)){
int hashLength=hmac.HashSize/8;
if((hmac.HashSize&7)!=0)
hashLength++;
int keyLength=dklen/hashLength;
if((long)dklen>(0xFFFFFFFFL*hashLength) || dklen<0)
throw new ArgumentOutOfRangeException("dklen");
if(dklen%hashLength!=0)
keyLength++;
byte[] extendedkey=new byte[salt.Length+4];
Buffer.BlockCopy(salt,0,extendedkey,0,salt.Length);
using(var ms=new System.IO.MemoryStream()){
for(int i=0;i<keyLength;i++){
extendedkey[salt.Length]=(byte)(((i+1)>>24)&0xFF);
extendedkey[salt.Length+1]=(byte)(((i+1)>>16)&0xFF);
extendedkey[salt.Length+2]=(byte)(((i+1)>>8)&0xFF);
extendedkey[salt.Length+3]=(byte)(((i+1))&0xFF);
byte[] u=hmac.ComputeHash(extendedkey);
Array.Clear(extendedkey,salt.Length,4);
byte[] f=u;
for(int j=1;j<iterationCount;j++){
u=hmac.ComputeHash(u);
for(int k=0;k<f.Length;k++){
f[k]^=u[k];
}
}
ms.Write(f,0,f.Length);
Array.Clear(u,0,u.Length);
Array.Clear(f,0,f.Length);
}
byte[] dk=new byte[dklen];
ms.Position=0;
ms.Read(dk,0,dklen);
ms.Position=0;
for(long i=0;i<ms.Length;i++){
ms.WriteByte(0);
}
Array.Clear(extendedkey,0,extendedkey.Length);
return dk;
}
}
这篇关于Rfc2898/PBKDF2 与 SHA256 作为 C# 中的摘要的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!