Rfc2898DeriveBytes vs Sha2 hash generation for passwords

Question

I've recently known about using SHA256 to generate password hash for salted passwords. After reading a bit about salted passwords and security, I saw rfc2898derivebytes and passwordderivebytes classes in .NET. Is there any advantage to using rfc2898derivebytes class than the usual hashing method (generate salt, generate salted password, store both in db)?

Answer 1

A standard hash, such as SHA256, can be generated extremely quickly on modern hardware.

This is generally considered a good thing, but there is a downside: the bad guys attempting to crack your passwords can also generate those hashes extremely quickly, meaning that they can discover your passwords relatively easily using brute-force.

Key derivation algorithms such as bcrypt and PBKDF2 (aka Rfc2898DeriveBytes) are much slower than standard hash algorithms. They use a standard hash algorithm internally -- SHA1 in the case of Rfc2898DeriveBytes -- but they iterate thousands of times to generate the derived key.

So although your machine needs to do a lot more work to generate a "hash" using an iterative key derivation algorithm, the bad guys attempting to crack your passwords also have to do a lot more work. This is a good thing.

The Rfc2898DeriveBytes class allows you to specify the number of iterations to use (I think the default is 1,000). The more iterations that you use, the harder it will be for an attacker to crack your passwords using brute-force.