PBKDF2 function with 128 Bit Key Length and 1,024 iterations of SHA256 in .Net Framework 4.5









up vote
1
down vote

favorite
2












I am trying to work with an api in .Net framework 4.5 that supposed to provide me cryptocurrencies wallet. in a part of it's documentations it says:




Pass Pin Code through the PBKDF2 function with 128 Bit Key Length and
1,024 iterations of SHA256




i could not find the Specify method in C# to do that. in documentations they have input "be9d3a4f1220495a96c38d36d8558365" as pin code and the out put is "4369cb0560d54f55d0c03564fbd983c4".
it seems that i should use Rfc2898DeriveBytes Method, and i used it like code below but i didnot get the same result.



string output = Convert.ToBase64String((new Rfc2898DeriveBytes("e24546d6643137a310968566cf1cd42b",16, 1024)).GetBytes(32));



output ==> 'x10zclBJY2eeZqjMyPfQm4ljyMFPvWbxF72Om2DCzHE='










share|improve this question



















  • 1




    Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
    – pstrjds
    Nov 9 at 15:31







  • 1




    I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
    – Dave
    Nov 9 at 15:32






  • 3




    github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
    – bartonjs
    Nov 9 at 15:40










  • Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
    – Robert
    Nov 9 at 19:31










  • so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
    – user2729871
    Nov 10 at 0:10














up vote
1
down vote

favorite
2












I am trying to work with an api in .Net framework 4.5 that supposed to provide me cryptocurrencies wallet. in a part of it's documentations it says:




Pass Pin Code through the PBKDF2 function with 128 Bit Key Length and
1,024 iterations of SHA256




i could not find the Specify method in C# to do that. in documentations they have input "be9d3a4f1220495a96c38d36d8558365" as pin code and the out put is "4369cb0560d54f55d0c03564fbd983c4".
it seems that i should use Rfc2898DeriveBytes Method, and i used it like code below but i didnot get the same result.



string output = Convert.ToBase64String((new Rfc2898DeriveBytes("e24546d6643137a310968566cf1cd42b",16, 1024)).GetBytes(32));



output ==> 'x10zclBJY2eeZqjMyPfQm4ljyMFPvWbxF72Om2DCzHE='










share|improve this question



















  • 1




    Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
    – pstrjds
    Nov 9 at 15:31







  • 1




    I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
    – Dave
    Nov 9 at 15:32






  • 3




    github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
    – bartonjs
    Nov 9 at 15:40










  • Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
    – Robert
    Nov 9 at 19:31










  • so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
    – user2729871
    Nov 10 at 0:10












up vote
1
down vote

favorite
2









up vote
1
down vote

favorite
2






2





I am trying to work with an api in .Net framework 4.5 that supposed to provide me cryptocurrencies wallet. in a part of it's documentations it says:




Pass Pin Code through the PBKDF2 function with 128 Bit Key Length and
1,024 iterations of SHA256




i could not find the Specify method in C# to do that. in documentations they have input "be9d3a4f1220495a96c38d36d8558365" as pin code and the out put is "4369cb0560d54f55d0c03564fbd983c4".
it seems that i should use Rfc2898DeriveBytes Method, and i used it like code below but i didnot get the same result.



string output = Convert.ToBase64String((new Rfc2898DeriveBytes("e24546d6643137a310968566cf1cd42b",16, 1024)).GetBytes(32));



output ==> 'x10zclBJY2eeZqjMyPfQm4ljyMFPvWbxF72Om2DCzHE='










share|improve this question















I am trying to work with an api in .Net framework 4.5 that supposed to provide me cryptocurrencies wallet. in a part of it's documentations it says:




Pass Pin Code through the PBKDF2 function with 128 Bit Key Length and
1,024 iterations of SHA256




i could not find the Specify method in C# to do that. in documentations they have input "be9d3a4f1220495a96c38d36d8558365" as pin code and the out put is "4369cb0560d54f55d0c03564fbd983c4".
it seems that i should use Rfc2898DeriveBytes Method, and i used it like code below but i didnot get the same result.



string output = Convert.ToBase64String((new Rfc2898DeriveBytes("e24546d6643137a310968566cf1cd42b",16, 1024)).GetBytes(32));



output ==> 'x10zclBJY2eeZqjMyPfQm4ljyMFPvWbxF72Om2DCzHE='







c# cryptography






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 13 at 14:52

























asked Nov 9 at 15:13









user2729871

184




184







  • 1




    Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
    – pstrjds
    Nov 9 at 15:31







  • 1




    I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
    – Dave
    Nov 9 at 15:32






  • 3




    github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
    – bartonjs
    Nov 9 at 15:40










  • Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
    – Robert
    Nov 9 at 19:31










  • so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
    – user2729871
    Nov 10 at 0:10












  • 1




    Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
    – pstrjds
    Nov 9 at 15:31







  • 1




    I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
    – Dave
    Nov 9 at 15:32






  • 3




    github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
    – bartonjs
    Nov 9 at 15:40










  • Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
    – Robert
    Nov 9 at 19:31










  • so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
    – user2729871
    Nov 10 at 0:10







1




1




Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
– pstrjds
Nov 9 at 15:31





Unless you give it the same salt each time, every run will be different. Secondarily, you are converting the result to a Base64 string, but from the looks of the expected response, that is a hex encoded string and it is only 16 bytes.
– pstrjds
Nov 9 at 15:31





1




1




I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
– Dave
Nov 9 at 15:32




I think the default hashing algo for RFC2898Derive bytes is SHA1. I might be wrong, but I'm sure I read that somewhere when looking into this in the past. Depending on your version of .Net you can specifiy SHA256
– Dave
Nov 9 at 15:32




3




3




github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
– bartonjs
Nov 9 at 15:40




github.com/BlockIo/block_io-php/blob/… says they use the empty salt (which Rfc2898DeriveBytes won't accept). (And to use SHA256 with Rfc2898DeriveBytes you need to upgrade to .NET 4.7.2).
– bartonjs
Nov 9 at 15:40












Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
– Robert
Nov 9 at 19:31




Also you should should convert the password to Byte before calling Rfc2898DeriveBytes - otherwise it is unlikely that .Net uses the encoding you need.
– Robert
Nov 9 at 19:31












so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
– user2729871
Nov 10 at 0:10




so there is no a method to do SHA256 with 128 key lenght in .Net Framework 4.5?
– user2729871
Nov 10 at 0:10












1 Answer
1






active

oldest

votes

















up vote
2
down vote



accepted










It's probably best to implement your own version of PBKDF2. PBKDF2 is the actual algorithm implemented by the badly named Rfc2898DeriveBytes class.



As .NET 4.5 doesn't include the functionality to use PBKDF2 with a different hash. .NET version 4.7.2 does include the functionality but it doesn't allow the salt to be zero bytes.



So therefore it is best to implement your own version. The .NET version of Microsoft has specific copyright notices that do not seem compatible. One way to go around this is to implement PBKDF2 from Mono, but the later versions of Mono do not implement this class (it seems) and they do not implement the version where the hash can be chosen.



Fortunately bartonjs has indicated a version that has the permissive MIT license, which can be used, leading to the following solution:



using System;
using System.Security.Cryptography;
using System.Text;

namespace StackOverflow

public class Rfc2898DeriveBytes : DeriveBytes




this is a class where more specific exceptions have been rewritten, some specialized cloning is replaced, and the random salt generation is generalized. The minimum salt size has also been set to 0. Otherwise it is the same code in a different name space.



It is possible to use it like this:



string pw = "be9d3a4f1220495a96c38d36d8558365";
byte salt = new byte[0];
int iterations = 1024;

Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pw, salt, iterations, "SHA-256");
byte key = pbkdf2.GetBytes(16);


Note that the PIN is hexadecimals encoded as UTF-8, the default encoding for PBKDF2 (not the default encoding for .NET!). The result is a key that, when represented as hexadecimals equals 4369cb0560d54f55d0c03564fbd983c4.



I've converted to a 4.5 compatible class using a string to indicate the hash function, for the one with an enum HashAlgorithm (4.6 or something similar) take a look at the revision history.






share|improve this answer






















    Your Answer






    StackExchange.ifUsing("editor", function ()
    StackExchange.using("externalEditor", function ()
    StackExchange.using("snippets", function ()
    StackExchange.snippets.init();
    );
    );
    , "code-snippets");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "1"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53228398%2fpbkdf2-function-with-128-bit-key-length-and-1-024-iterations-of-sha256-in-net-f%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    2
    down vote



    accepted










    It's probably best to implement your own version of PBKDF2. PBKDF2 is the actual algorithm implemented by the badly named Rfc2898DeriveBytes class.



    As .NET 4.5 doesn't include the functionality to use PBKDF2 with a different hash. .NET version 4.7.2 does include the functionality but it doesn't allow the salt to be zero bytes.



    So therefore it is best to implement your own version. The .NET version of Microsoft has specific copyright notices that do not seem compatible. One way to go around this is to implement PBKDF2 from Mono, but the later versions of Mono do not implement this class (it seems) and they do not implement the version where the hash can be chosen.



    Fortunately bartonjs has indicated a version that has the permissive MIT license, which can be used, leading to the following solution:



    using System;
    using System.Security.Cryptography;
    using System.Text;

    namespace StackOverflow

    public class Rfc2898DeriveBytes : DeriveBytes




    this is a class where more specific exceptions have been rewritten, some specialized cloning is replaced, and the random salt generation is generalized. The minimum salt size has also been set to 0. Otherwise it is the same code in a different name space.



    It is possible to use it like this:



    string pw = "be9d3a4f1220495a96c38d36d8558365";
    byte salt = new byte[0];
    int iterations = 1024;

    Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pw, salt, iterations, "SHA-256");
    byte key = pbkdf2.GetBytes(16);


    Note that the PIN is hexadecimals encoded as UTF-8, the default encoding for PBKDF2 (not the default encoding for .NET!). The result is a key that, when represented as hexadecimals equals 4369cb0560d54f55d0c03564fbd983c4.



    I've converted to a 4.5 compatible class using a string to indicate the hash function, for the one with an enum HashAlgorithm (4.6 or something similar) take a look at the revision history.






    share|improve this answer


























      up vote
      2
      down vote



      accepted










      It's probably best to implement your own version of PBKDF2. PBKDF2 is the actual algorithm implemented by the badly named Rfc2898DeriveBytes class.



      As .NET 4.5 doesn't include the functionality to use PBKDF2 with a different hash. .NET version 4.7.2 does include the functionality but it doesn't allow the salt to be zero bytes.



      So therefore it is best to implement your own version. The .NET version of Microsoft has specific copyright notices that do not seem compatible. One way to go around this is to implement PBKDF2 from Mono, but the later versions of Mono do not implement this class (it seems) and they do not implement the version where the hash can be chosen.



      Fortunately bartonjs has indicated a version that has the permissive MIT license, which can be used, leading to the following solution:



      using System;
      using System.Security.Cryptography;
      using System.Text;

      namespace StackOverflow

      public class Rfc2898DeriveBytes : DeriveBytes




      this is a class where more specific exceptions have been rewritten, some specialized cloning is replaced, and the random salt generation is generalized. The minimum salt size has also been set to 0. Otherwise it is the same code in a different name space.



      It is possible to use it like this:



      string pw = "be9d3a4f1220495a96c38d36d8558365";
      byte salt = new byte[0];
      int iterations = 1024;

      Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pw, salt, iterations, "SHA-256");
      byte key = pbkdf2.GetBytes(16);


      Note that the PIN is hexadecimals encoded as UTF-8, the default encoding for PBKDF2 (not the default encoding for .NET!). The result is a key that, when represented as hexadecimals equals 4369cb0560d54f55d0c03564fbd983c4.



      I've converted to a 4.5 compatible class using a string to indicate the hash function, for the one with an enum HashAlgorithm (4.6 or something similar) take a look at the revision history.






      share|improve this answer
























        up vote
        2
        down vote



        accepted







        up vote
        2
        down vote



        accepted






        It's probably best to implement your own version of PBKDF2. PBKDF2 is the actual algorithm implemented by the badly named Rfc2898DeriveBytes class.



        As .NET 4.5 doesn't include the functionality to use PBKDF2 with a different hash. .NET version 4.7.2 does include the functionality but it doesn't allow the salt to be zero bytes.



        So therefore it is best to implement your own version. The .NET version of Microsoft has specific copyright notices that do not seem compatible. One way to go around this is to implement PBKDF2 from Mono, but the later versions of Mono do not implement this class (it seems) and they do not implement the version where the hash can be chosen.



        Fortunately bartonjs has indicated a version that has the permissive MIT license, which can be used, leading to the following solution:



        using System;
        using System.Security.Cryptography;
        using System.Text;

        namespace StackOverflow

        public class Rfc2898DeriveBytes : DeriveBytes




        this is a class where more specific exceptions have been rewritten, some specialized cloning is replaced, and the random salt generation is generalized. The minimum salt size has also been set to 0. Otherwise it is the same code in a different name space.



        It is possible to use it like this:



        string pw = "be9d3a4f1220495a96c38d36d8558365";
        byte salt = new byte[0];
        int iterations = 1024;

        Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pw, salt, iterations, "SHA-256");
        byte key = pbkdf2.GetBytes(16);


        Note that the PIN is hexadecimals encoded as UTF-8, the default encoding for PBKDF2 (not the default encoding for .NET!). The result is a key that, when represented as hexadecimals equals 4369cb0560d54f55d0c03564fbd983c4.



        I've converted to a 4.5 compatible class using a string to indicate the hash function, for the one with an enum HashAlgorithm (4.6 or something similar) take a look at the revision history.






        share|improve this answer














        It's probably best to implement your own version of PBKDF2. PBKDF2 is the actual algorithm implemented by the badly named Rfc2898DeriveBytes class.



        As .NET 4.5 doesn't include the functionality to use PBKDF2 with a different hash. .NET version 4.7.2 does include the functionality but it doesn't allow the salt to be zero bytes.



        So therefore it is best to implement your own version. The .NET version of Microsoft has specific copyright notices that do not seem compatible. One way to go around this is to implement PBKDF2 from Mono, but the later versions of Mono do not implement this class (it seems) and they do not implement the version where the hash can be chosen.



        Fortunately bartonjs has indicated a version that has the permissive MIT license, which can be used, leading to the following solution:



        using System;
        using System.Security.Cryptography;
        using System.Text;

        namespace StackOverflow

        public class Rfc2898DeriveBytes : DeriveBytes




        this is a class where more specific exceptions have been rewritten, some specialized cloning is replaced, and the random salt generation is generalized. The minimum salt size has also been set to 0. Otherwise it is the same code in a different name space.



        It is possible to use it like this:



        string pw = "be9d3a4f1220495a96c38d36d8558365";
        byte salt = new byte[0];
        int iterations = 1024;

        Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pw, salt, iterations, "SHA-256");
        byte key = pbkdf2.GetBytes(16);


        Note that the PIN is hexadecimals encoded as UTF-8, the default encoding for PBKDF2 (not the default encoding for .NET!). The result is a key that, when represented as hexadecimals equals 4369cb0560d54f55d0c03564fbd983c4.



        I've converted to a 4.5 compatible class using a string to indicate the hash function, for the one with an enum HashAlgorithm (4.6 or something similar) take a look at the revision history.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Nov 13 at 15:45

























        answered Nov 10 at 18:35









        Maarten Bodewes

        60.6k973169




        60.6k973169



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53228398%2fpbkdf2-function-with-128-bit-key-length-and-1-024-iterations-of-sha256-in-net-f%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Top Tejano songwriter Luis Silva dead of heart attack at 64

            政党

            天津地下鉄3号線