PBKDF2 function with 128 Bit Key Length and 1,024 iterations of SHA256 in .Net Framework 4.5
up vote
1
down vote
favorite
I am trying to work with an api in .Net framework 4.5 that supposed to provide me cryptocurrencies wallet. in a part of it's documentations it says:
Pass Pin Code through the PBKDF2 function with 128 Bit Key Length and
1,024 iterations of SHA256
i could not find the Specify method in C# to do that. in documentations they have input "be9d3a4f1220495a96c38d36d8558365" as pin code and the out put is "4369cb0560d54f55d0c03564fbd983c4".
it seems that i should use Rfc2898DeriveBytes Method, and i used it like code below but i didnot get the same result.
string output = Convert.ToBase64String((new Rfc2898DeriveBytes("e24546d6643137a310968566cf1cd42b",16, 1024)).GetBytes(32));
output ==> 'x10zclBJY2eeZqjMyPfQm4ljyMFPvWbxF72Om2DCzHE='
c# cryptography
asked Nov 9 at 15:13
user2729871
184
|
show 2 more comments
up vote
1
down vote
favorite
I am trying to work with an api in .Net framework 4.5 that supposed to provide me cryptocurrencies wallet. in a part of it's documentations it says:
Pass Pin Code through the PBKDF2 function with 128 Bit Key Length and
1,024 iterations of SHA256
i could not find the Specify method in C# to do that. in documentations they have input "be9d3a4f1220495a96c38d36d8558365" as pin code and the out put is "4369cb0560d54f55d0c03564fbd983c4".
it seems that i should use Rfc2898DeriveBytes Method, and i used it like code below but i didnot get the same result.
string output = Convert.ToBase64String((new Rfc2898DeriveBytes("e24546d6643137a310968566cf1cd42b",16, 1024)).GetBytes(32));
output ==> 'x10zclBJY2eeZqjMyPfQm4ljyMFPvWbxF72Om2DCzHE='
c# cryptography
asked Nov 9 at 15:13
user2729871
184
1
Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
– pstrjds
Nov 9 at 15:31
1
I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
– Dave
Nov 9 at 15:32
3
github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
– bartonjs
Nov 9 at 15:40
Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
– Robert
Nov 9 at 19:31
so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
– user2729871
Nov 10 at 0:10
|
show 2 more comments
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I am trying to work with an api in .Net framework 4.5 that supposed to provide me cryptocurrencies wallet. in a part of it's documentations it says:
Pass Pin Code through the PBKDF2 function with 128 Bit Key Length and
1,024 iterations of SHA256
i could not find the Specify method in C# to do that. in documentations they have input "be9d3a4f1220495a96c38d36d8558365" as pin code and the out put is "4369cb0560d54f55d0c03564fbd983c4".
it seems that i should use Rfc2898DeriveBytes Method, and i used it like code below but i didnot get the same result.
string output = Convert.ToBase64String((new Rfc2898DeriveBytes("e24546d6643137a310968566cf1cd42b",16, 1024)).GetBytes(32));
output ==> 'x10zclBJY2eeZqjMyPfQm4ljyMFPvWbxF72Om2DCzHE='
c# cryptography
asked Nov 9 at 15:13
user2729871
184
I am trying to work with an api in .Net framework 4.5 that supposed to provide me cryptocurrencies wallet. in a part of it's documentations it says:
Pass Pin Code through the PBKDF2 function with 128 Bit Key Length and
1,024 iterations of SHA256
i could not find the Specify method in C# to do that. in documentations they have input "be9d3a4f1220495a96c38d36d8558365" as pin code and the out put is "4369cb0560d54f55d0c03564fbd983c4".
it seems that i should use Rfc2898DeriveBytes Method, and i used it like code below but i didnot get the same result.
string output = Convert.ToBase64String((new Rfc2898DeriveBytes("e24546d6643137a310968566cf1cd42b",16, 1024)).GetBytes(32));
output ==> 'x10zclBJY2eeZqjMyPfQm4ljyMFPvWbxF72Om2DCzHE='
c# cryptography
c# cryptography
asked Nov 9 at 15:13
user2729871
184
asked Nov 9 at 15:13
user2729871
184
edited Nov 13 at 14:52
asked Nov 9 at 15:13
user2729871
184
asked Nov 9 at 15:13
user2729871
184
asked Nov 9 at 15:13
user2729871
184
184
1
Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
– pstrjds
Nov 9 at 15:31
1
I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
– Dave
Nov 9 at 15:32
3
github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
– bartonjs
Nov 9 at 15:40
Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
– Robert
Nov 9 at 19:31
so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
– user2729871
Nov 10 at 0:10
|
show 2 more comments
1
Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
– pstrjds
Nov 9 at 15:31
1
I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
– Dave
Nov 9 at 15:32
3
github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
– bartonjs
Nov 9 at 15:40
Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
– Robert
Nov 9 at 19:31
so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
– user2729871
Nov 10 at 0:10
1
1
Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
– pstrjds
Nov 9 at 15:31
Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
– pstrjds
Nov 9 at 15:31
1
1
I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
– Dave
Nov 9 at 15:32
I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
– Dave
Nov 9 at 15:32
3
3
github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
– bartonjs
Nov 9 at 15:40
github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
– bartonjs
Nov 9 at 15:40
Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
– Robert
Nov 9 at 19:31
Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
– Robert
Nov 9 at 19:31
so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
– user2729871
Nov 10 at 0:10
so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
– user2729871
Nov 10 at 0:10
|
show 2 more comments
1 Answer
1
active
oldest
votes
up vote
2
down vote
accepted
It's probably best to implement your own version of PBKDF2. PBKDF2 is the actual algorithm implemented by the badly named Rfc2898DeriveBytes class.
As .NET 4.5 doesn't include the functionality to use PBKDF2 with a different hash. .NET version 4.7.2 does include the functionality but it doesn't allow the salt to be zero bytes.
So therefore it is best to implement your own version. The .NET version of Microsoft has specific copyright notices that do not seem compatible. One way to go around this is to implement PBKDF2 from Mono, but the later versions of Mono do not implement this class (it seems) and they do not implement the version where the hash can be chosen.
Fortunately bartonjs has indicated a version that has the permissive MIT license, which can be used, leading to the following solution:
using System;
using System.Security.Cryptography;
using System.Text;
namespace StackOverflow
public class Rfc2898DeriveBytes : DeriveBytes
this is a class where more specific exceptions have been rewritten, some specialized cloning is replaced, and the random salt generation is generalized. The minimum salt size has also been set to 0. Otherwise it is the same code in a different name space.
It is possible to use it like this:
string pw = "be9d3a4f1220495a96c38d36d8558365";
byte salt = new byte[0];
int iterations = 1024;
Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pw, salt, iterations, "SHA-256");
byte key = pbkdf2.GetBytes(16);
Note that the PIN is hexadecimals encoded as UTF-8, the default encoding for PBKDF2 (not the default encoding for .NET!). The result is a key that, when represented as hexadecimals equals 4369cb0560d54f55d0c03564fbd983c4.
I've converted to a 4.5 compatible class using a string to indicate the hash function, for the one with an enum HashAlgorithm (4.6 or something similar) take a look at the revision history.
answered Nov 10 at 18:35
Maarten Bodewes
60.6k973169
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
It's probably best to implement your own version of PBKDF2. PBKDF2 is the actual algorithm implemented by the badly named Rfc2898DeriveBytes class.
As .NET 4.5 doesn't include the functionality to use PBKDF2 with a different hash. .NET version 4.7.2 does include the functionality but it doesn't allow the salt to be zero bytes.
So therefore it is best to implement your own version. The .NET version of Microsoft has specific copyright notices that do not seem compatible. One way to go around this is to implement PBKDF2 from Mono, but the later versions of Mono do not implement this class (it seems) and they do not implement the version where the hash can be chosen.
Fortunately bartonjs has indicated a version that has the permissive MIT license, which can be used, leading to the following solution:
using System;
using System.Security.Cryptography;
using System.Text;
namespace StackOverflow
public class Rfc2898DeriveBytes : DeriveBytes
this is a class where more specific exceptions have been rewritten, some specialized cloning is replaced, and the random salt generation is generalized. The minimum salt size has also been set to 0. Otherwise it is the same code in a different name space.
It is possible to use it like this:
string pw = "be9d3a4f1220495a96c38d36d8558365";
byte salt = new byte[0];
int iterations = 1024;
Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pw, salt, iterations, "SHA-256");
byte key = pbkdf2.GetBytes(16);
Note that the PIN is hexadecimals encoded as UTF-8, the default encoding for PBKDF2 (not the default encoding for .NET!). The result is a key that, when represented as hexadecimals equals 4369cb0560d54f55d0c03564fbd983c4.
I've converted to a 4.5 compatible class using a string to indicate the hash function, for the one with an enum HashAlgorithm (4.6 or something similar) take a look at the revision history.
answered Nov 10 at 18:35
Maarten Bodewes
60.6k973169
add a comment |
up vote
2
down vote
accepted
It's probably best to implement your own version of PBKDF2. PBKDF2 is the actual algorithm implemented by the badly named Rfc2898DeriveBytes class.
As .NET 4.5 doesn't include the functionality to use PBKDF2 with a different hash. .NET version 4.7.2 does include the functionality but it doesn't allow the salt to be zero bytes.
So therefore it is best to implement your own version. The .NET version of Microsoft has specific copyright notices that do not seem compatible. One way to go around this is to implement PBKDF2 from Mono, but the later versions of Mono do not implement this class (it seems) and they do not implement the version where the hash can be chosen.
Fortunately bartonjs has indicated a version that has the permissive MIT license, which can be used, leading to the following solution:
using System;
using System.Security.Cryptography;
using System.Text;
namespace StackOverflow
public class Rfc2898DeriveBytes : DeriveBytes
this is a class where more specific exceptions have been rewritten, some specialized cloning is replaced, and the random salt generation is generalized. The minimum salt size has also been set to 0. Otherwise it is the same code in a different name space.
It is possible to use it like this:
string pw = "be9d3a4f1220495a96c38d36d8558365";
byte salt = new byte[0];
int iterations = 1024;
Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pw, salt, iterations, "SHA-256");
byte key = pbkdf2.GetBytes(16);
Note that the PIN is hexadecimals encoded as UTF-8, the default encoding for PBKDF2 (not the default encoding for .NET!). The result is a key that, when represented as hexadecimals equals 4369cb0560d54f55d0c03564fbd983c4.
I've converted to a 4.5 compatible class using a string to indicate the hash function, for the one with an enum HashAlgorithm (4.6 or something similar) take a look at the revision history.
answered Nov 10 at 18:35
Maarten Bodewes
60.6k973169
add a comment |
up vote
2
down vote
accepted
up vote
2
down vote
accepted
It's probably best to implement your own version of PBKDF2. PBKDF2 is the actual algorithm implemented by the badly named Rfc2898DeriveBytes class.
As .NET 4.5 doesn't include the functionality to use PBKDF2 with a different hash. .NET version 4.7.2 does include the functionality but it doesn't allow the salt to be zero bytes.
So therefore it is best to implement your own version. The .NET version of Microsoft has specific copyright notices that do not seem compatible. One way to go around this is to implement PBKDF2 from Mono, but the later versions of Mono do not implement this class (it seems) and they do not implement the version where the hash can be chosen.
Fortunately bartonjs has indicated a version that has the permissive MIT license, which can be used, leading to the following solution:
using System;
using System.Security.Cryptography;
using System.Text;
namespace StackOverflow
public class Rfc2898DeriveBytes : DeriveBytes
this is a class where more specific exceptions have been rewritten, some specialized cloning is replaced, and the random salt generation is generalized. The minimum salt size has also been set to 0. Otherwise it is the same code in a different name space.
It is possible to use it like this:
string pw = "be9d3a4f1220495a96c38d36d8558365";
byte salt = new byte[0];
int iterations = 1024;
Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pw, salt, iterations, "SHA-256");
byte key = pbkdf2.GetBytes(16);
Note that the PIN is hexadecimals encoded as UTF-8, the default encoding for PBKDF2 (not the default encoding for .NET!). The result is a key that, when represented as hexadecimals equals 4369cb0560d54f55d0c03564fbd983c4.
I've converted to a 4.5 compatible class using a string to indicate the hash function, for the one with an enum HashAlgorithm (4.6 or something similar) take a look at the revision history.
answered Nov 10 at 18:35
Maarten Bodewes
60.6k973169
It's probably best to implement your own version of PBKDF2. PBKDF2 is the actual algorithm implemented by the badly named Rfc2898DeriveBytes class.
As .NET 4.5 doesn't include the functionality to use PBKDF2 with a different hash. .NET version 4.7.2 does include the functionality but it doesn't allow the salt to be zero bytes.
So therefore it is best to implement your own version. The .NET version of Microsoft has specific copyright notices that do not seem compatible. One way to go around this is to implement PBKDF2 from Mono, but the later versions of Mono do not implement this class (it seems) and they do not implement the version where the hash can be chosen.
Fortunately bartonjs has indicated a version that has the permissive MIT license, which can be used, leading to the following solution:
using System;
using System.Security.Cryptography;
using System.Text;
namespace StackOverflow
public class Rfc2898DeriveBytes : DeriveBytes
this is a class where more specific exceptions have been rewritten, some specialized cloning is replaced, and the random salt generation is generalized. The minimum salt size has also been set to 0. Otherwise it is the same code in a different name space.
It is possible to use it like this:
string pw = "be9d3a4f1220495a96c38d36d8558365";
byte salt = new byte[0];
int iterations = 1024;
Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pw, salt, iterations, "SHA-256");
byte key = pbkdf2.GetBytes(16);
Note that the PIN is hexadecimals encoded as UTF-8, the default encoding for PBKDF2 (not the default encoding for .NET!). The result is a key that, when represented as hexadecimals equals 4369cb0560d54f55d0c03564fbd983c4.
I've converted to a 4.5 compatible class using a string to indicate the hash function, for the one with an enum HashAlgorithm (4.6 or something similar) take a look at the revision history.
answered Nov 10 at 18:35
Maarten Bodewes
60.6k973169
edited Nov 13 at 15:45
answered Nov 10 at 18:35
Maarten Bodewes
60.6k973169
answered Nov 10 at 18:35
Maarten Bodewes
60.6k973169
answered Nov 10 at 18:35
Maarten Bodewes
60.6k973169
60.6k973169
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53228398%2fpbkdf2-function-with-128-bit-key-length-and-1-024-iterations-of-sha256-in-net-f%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
– pstrjds
Nov 9 at 15:31
1
I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
– Dave
Nov 9 at 15:32
3
github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
– bartonjs
Nov 9 at 15:40
Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
– Robert
Nov 9 at 19:31
so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
– user2729871
Nov 10 at 0:10