Reputation: 109
I have now learnt that PasswordDeriveBytes is deprecated in favor of Rfc2898DeriveBytes.
Looking up Rfc2898DeriveBytes on MSDN, there is a code example that uses TripleDES.
But TripleDES is older and weaker than AES. Why have they seemingly taken one step forward and one step back?
Can one just replace the TripleDES with AES, or is Rfc2898DeriveBytes intrinsically linked to TripleDES?
Upvotes: 3
Views: 595
Reputation: 19842
PBKDF2 (Rfc2898DeriveBytes) is used to derive a key from a password (Key Derivation Function). The key length it generates and what you do subsequently are your choice, so use PBKDF2 to generate the key and use whichever symmetric cipher you like. To answer your question, there is no intrinsic link.
Upvotes: 1
Reputation: 108830
A password-based KDF simply turns a password+salt into a sequence of bytes which you can use as a key, or store as a password hash.
It's in no way linked to your choice of cipher; you can use PBKDF2 together with AES. One minor issue is how much data you read from PBKDF2-HMAC-SHA-1. I recommend only reading 20 bytes, and using a separate hash to increase their size when that's needed.
There is no reason to follow MSDN examples. They often do not follow good coding practices. Just because they use 3DES doesn't mean you should.
Upvotes: 5
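A sketch of the approach the answers describe, added here as an example (it is not code from either answer or from MSDN): one 20-byte read from PBKDF2-HMAC-SHA-1, expanded with a separate hash into an AES-256 key and a MAC key. It assumes .NET 6 or later; the class name, iteration count, label strings and blob layout are choices made for this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PasswordAes
{
    const int Iterations = 600_000; // assumed work factor; tune for your hardware
    // PBKDF2-HMAC-SHA-1: read exactly one 20-byte block, then expand it with a
    // separate hash (HMAC-SHA-256) into independent cipher and MAC keys.
    static (byte[] enc, byte[] mac) DeriveKeys(string password, byte[] salt)
    {
        byte[] master = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA1, 20);
        byte[] enc = HMACSHA256.HashData(master, Encoding.ASCII.GetBytes("aes-256-key"));
        byte[] mac = HMACSHA256.HashData(master, Encoding.ASCII.GetBytes("hmac-key"));
        return (enc, mac);
    }
    // Blob layout (chosen for this example): salt(16) | iv(16) | ciphertext | tag(32)
    public static byte[] Encrypt(string password, byte[] plaintext)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] iv = RandomNumberGenerator.GetBytes(16);
        var (encKey, macKey) = DeriveKeys(password, salt);
        using Aes aes = Aes.Create();
        aes.Key = encKey;
        byte[] ct = aes.EncryptCbc(plaintext, iv);
        byte[] body = salt.Concat(iv).Concat(ct).ToArray();
        return body.Concat(HMACSHA256.HashData(macKey, body)).ToArray();
    }

    public static byte[] Decrypt(string password, byte[] blob)
    {
        if (blob.Length < 16 + 16 + 16 + 32) throw new CryptographicException("Blob too short.");
        byte[] body = blob[..^32], tag = blob[^32..];
        var (encKey, macKey) = DeriveKeys(password, body[..16]);
        // Verify the tag in constant time before touching the ciphertext.
        if (!CryptographicOperations.FixedTimeEquals(HMACSHA256.HashData(macKey, body), tag))
            throw new CryptographicException("Wrong password or modified data.");
        using Aes aes = Aes.Create();
        aes.Key = encKey;
        return aes.DecryptCbc(body[32..], body[16..32]);
    }
    static void Main()
    {
        byte[] blob = Encrypt("correct horse", Encoding.UTF8.GetBytes("constructed sample"));
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt("correct horse", blob)));
    }
}
```

The cipher appears only in Encrypt and Decrypt; the key derivation step never refers to it.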