A Question about .net Rfc2898DeriveBytes class?
Posted
by IbrarMumtaz
on Stack Overflow
See other posts from Stack Overflow
or by IbrarMumtaz
Published on 2010-04-17T16:58:22Z
Indexed on
2010/04/17
17:03 UTC
Read the original article
Hit count: 539
What is the difference in this class? as posed to just using Encoding.ASCII.GetBytes(string object);
I have had relative success with either approach, the former is a more long winded approach where as the latter is simple and to the point. Both seem to allow you to do the same thing eventually but I am struggling to the see the point in using the former over the latter.
The basic concept I have been able to grasp is that you can convert string passwords into byte arrays to be used for e.g a symmetric encryption class, AesManaged. Via the RFC class but you get to use SaltValues and password when creating your rfc object. I assume its more secure but still thats an uneducated guess at best ! Also that it allows you to return byte arrays of a certain size, well something like that.
heres a few examples to show you where I am coming from?
byte[] myPassinBytes = Encoding.ASCII.GetBytes("some password");
or
string password = "P@%5w0r]>";
byte[] saltArray = Encoding.ASCII.GetBytes("this is my salt");
Rfc2898DeriveBytes rfcKey = new Rfc2898DeriveBytes(password, saltArray);
The 'rfcKey' object can now be used towards setting up the the .Key or .IV properties on a Symmetric Encryption Algorithm class.
ie.
RijndaelManaged rj = new RijndaelManaged ();
rj.Key = rfcKey.Getbytes(rj.KeySize / 8);
rj.IV = rfcKey.Getbytes(rj.Blocksize / 8);
'rj' should be ready to go !
The confusing part ... so rather than using the 'rfcKey' object can I not just use my 'myPassInBytes' array to help set-up my 'rj' object????
I have tried doing this in VS2008 and the immediate answer is NO ! but have you guys got a better educated answer as to why the RFC class is used over the other alternative I have mentioned above and why????
© Stack Overflow or respective owner