A Question about .net Rfc2898DeriveBytes class?

Posted by IbrarMumtaz on Stack Overflow See other posts from Stack Overflow or by IbrarMumtaz
Published on 2010-04-17T16:58:22Z Indexed on 2010/04/17 17:03 UTC
Read the original article Hit count: 539

Filed under:
|
|
|

What is the difference in this class? as posed to just using Encoding.ASCII.GetBytes(string object);

I have had relative success with either approach, the former is a more long winded approach where as the latter is simple and to the point. Both seem to allow you to do the same thing eventually but I am struggling to the see the point in using the former over the latter.

The basic concept I have been able to grasp is that you can convert string passwords into byte arrays to be used for e.g a symmetric encryption class, AesManaged. Via the RFC class but you get to use SaltValues and password when creating your rfc object. I assume its more secure but still thats an uneducated guess at best ! Also that it allows you to return byte arrays of a certain size, well something like that.

heres a few examples to show you where I am coming from?

    byte[] myPassinBytes = Encoding.ASCII.GetBytes("some password");

or

    string password = "P@%5w0r]>";
    byte[] saltArray = Encoding.ASCII.GetBytes("this is my salt");
    Rfc2898DeriveBytes rfcKey = new Rfc2898DeriveBytes(password, saltArray);

The 'rfcKey' object can now be used towards setting up the the .Key or .IV properties on a Symmetric Encryption Algorithm class.

ie.

    RijndaelManaged rj = new RijndaelManaged ();
    rj.Key = rfcKey.Getbytes(rj.KeySize / 8); 
    rj.IV = rfcKey.Getbytes(rj.Blocksize / 8);

'rj' should be ready to go !

The confusing part ... so rather than using the 'rfcKey' object can I not just use my 'myPassInBytes' array to help set-up my 'rj' object????

I have tried doing this in VS2008 and the immediate answer is NO ! but have you guys got a better educated answer as to why the RFC class is used over the other alternative I have mentioned above and why????

© Stack Overflow or respective owner

Related posts about rfc2898

Related posts about c#