RFC2898DeriveBytes vs. BCryptDeriveKeyPBKDF2

  • Question

  • I am having issues deriving passwords in CNG with BCryptDeriveKeyPBKDF2 and RFC2898DeriveBytes in C#.

    They are both using the same salt value, same password input, same iteration count (1000), and same SHA1 HMAC algorithm, but provide a different key.

    This is causing problems when handing data from C++ to C# based code, and vice versa.

    I am not sure what to do about this. It seems very straightforward, but maybe it isn't.

    Wednesday, March 25, 2015 2:24 AM

Answers

  • Hello TRex9000,

    With the information you provided, I checked the two objects and found that one is based on .NET and one is a Win32 function. I think the two objects might be implemented differently, so the generated key is not the same even with the same input.

    I am not sure what you are trying to do with the two objects. My suggestion is that you could use either rfc2898derivebytes or bcryptderivekeypbkdf2 on both the C++ and C# platforms. Since bcryptderivekeypbkdf2 is a Win32 function, you could use P/Invoke to import it into the C# application.

    Regards.



    Thursday, March 26, 2015 9:50 AM
    Moderator
  • Are you sure that the inputs are identical? RFC2898DeriveBytes accepts a string password and uses UTF8 to convert the string to bytes. BCryptDeriveKeyPBKDF2 accepts an array of bytes; it's up to the user of that function to decide how to translate a (possibly) UTF16 string to bytes.
    Thursday, March 26, 2015 10:05 AM
    Moderator
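
The encoding question raised in the reply above can be checked directly. The following is an added example, not code from the thread: it calls BCryptDeriveKeyPBKDF2 through P/Invoke with the same password encoded as UTF-8 and as UTF-16LE and compares each result with Rfc2898DeriveBytes. The class name, password, salt and 32-byte key length are constructed for illustration; the iteration count (1000) and HMAC-SHA1 come from the question.

```csharp
using System;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

static class Pbkdf2EncodingCheck // hypothetical name, Windows only (bcrypt.dll)
{
    const uint BCRYPT_ALG_HANDLE_HMAC_FLAG = 0x00000008;

    [DllImport("bcrypt.dll", CharSet = CharSet.Unicode)]
    static extern int BCryptOpenAlgorithmProvider(out IntPtr hAlg, string algId, string impl, uint flags);
    [DllImport("bcrypt.dll")]
    static extern int BCryptCloseAlgorithmProvider(IntPtr hAlg, uint flags);
    [DllImport("bcrypt.dll")]
    static extern int BCryptDeriveKeyPBKDF2(IntPtr hPrf, byte[] password, int cbPassword,
        byte[] salt, int cbSalt, ulong iterations, byte[] derivedKey, int cbDerivedKey, uint flags);

    // PBKDF2-HMAC-SHA1 through CNG; the caller decides how the password becomes bytes.
    static byte[] CngPbkdf2(byte[] password, byte[] salt, int iterations, int keyLen)
    {
        int status = BCryptOpenAlgorithmProvider(out IntPtr hAlg, "SHA1", null, BCRYPT_ALG_HANDLE_HMAC_FLAG);
        if (status != 0) throw new CryptographicException($"BCryptOpenAlgorithmProvider: 0x{status:X8}");
        try
        {
            var key = new byte[keyLen];
            status = BCryptDeriveKeyPBKDF2(hAlg, password, password.Length, salt, salt.Length,
                (ulong)iterations, key, key.Length, 0);
            if (status != 0) throw new CryptographicException($"BCryptDeriveKeyPBKDF2: 0x{status:X8}");
            return key;
        }
        finally { BCryptCloseAlgorithmProvider(hAlg, 0); }
    }

    static void Main()
    {
        const string password = "correct horse";                   // constructed sample
        byte[] salt = Encoding.ASCII.GetBytes("constructed-salt"); // constructed sample
        byte[] managed;
        // The string overload converts the password to bytes with UTF-8 internally.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 1000, HashAlgorithmName.SHA1))
            managed = kdf.GetBytes(32);

        byte[] cngUtf8 = CngPbkdf2(Encoding.UTF8.GetBytes(password), salt, 1000, 32);
        byte[] cngUtf16 = CngPbkdf2(Encoding.Unicode.GetBytes(password), salt, 1000, 32);

        Console.WriteLine("UTF-8 bytes match Rfc2898DeriveBytes:  " + managed.SequenceEqual(cngUtf8));
        Console.WriteLine("UTF-16 bytes match Rfc2898DeriveBytes: " + managed.SequenceEqual(cngUtf16));
    }
}
```

The constructor overload taking HashAlgorithmName requires .NET Framework 4.7.2 or .NET Core 2.0 and later; the three-argument overload uses HMAC-SHA1 by default.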
