Geek Answers Handbook

The importance of key size in the implementation of Rfc2898DeriveBytes (PBKDF2)

This is the code that I use for the "hash" (or output the key as called in PBKDF2 in the PKCS standard) line passwords with the class Rfc2898DeriveBytes represented in .NET:

int saltSize = 256; int iterations = 1000; int keySize = 20; // The parameter I'm not sure of var deriveBytes = new Rfc2898DeriveBytes("mypassword", saltSize, iterations); byte[] salt = deriveBytes.Salt; byte[] key = deriveBytes.GetBytes(keySize);

Now I understand that the size of the salt doesn't matter much (if that's enough to make sure random salts are unique), but what about the key size? Does a longer key provide more protection against attacks?

(Note:
1. Performance issues do not import for me here, it is obvious that a longer salt or a longer key will require more time for GetBytes to return a value.
2. I want to use this "hash" to store them in the database, and not use them later in the encryption scheme)

+8
c # passwords cryptography hash pkcs # 5
source share
2 answers

Typically, you use PKCS # 5 v2 / RFC2898 to create a symmetric key from a user password. Size is important because it must fit the required size of the symmetric algorithm that you will use.

 aes.Key = deriveBytes.GetBytes (16); // 16 * 8 = 128 bits

However, you seem to be looking at the password hash, not the key, so size is not that important in your particular case. You can safely fix it to hash size (20 bytes for SHA1) if you want to get a specific value.

General note (for people for whom performance is important): using PKCS # 5 v2 (or older) will take much longer (number of iterations) than using salted or HMAC hash.

+6
source share

keysize - the size of the flashed key; Therefore, if you want to get a large derivative key, use a larger key.

The time spent on more keys is proportional to int (keysize / hashsize), so you should set the keys to at least the same length as hashsize.

In addition, you should use derivative keys of the recommended length when they are used in some cypher, for example. AES (128 - 256 bit).

0
source share

More articles:


All Articles