PBKDF2 ( Rfc2898DeriveBytes ) ; Encryption

PBKDF2 , Rfc2898DeriveBytes , Encryption , System.Security.Cryptography , C#

In today's world of passwords and passwords, the most critical aspect is the security of this passwords.

The problem is how to store this passwords so that no one can have a "sneak-a-peek" at those stored passwords, at misuse with your data.

One solution is to store as a hash, so that now no one can have a "sneak-a-peek" at your passwords.

for eg.

public static string Hash_My_Password(string password)
byte[] data = Encoding.UTF8.GetBytes(Password);
using (HashAlgorithm My_Sha = new SHA256Managed())
byte[] encryptedBytes = My_Sha.TransformFinalBlock(data, 0, data.Length);

return Convert.ToBase64String(My_Sha.Hash);

string My_encrypted_password = Hash_My_Password("p@$$W0rD");


You can store this "My_encrypted_password" in a database or in a file for later use.

The above example looks very good and easy, but what if someone does not ony want to look into your data base or file where you have stored your password.
Some one might have access to your data base or the file where you have stored your password, they can use a loop back program , which is again as easy as the program in the example ( won't discuss about it here, as this fall out of the scope of our problem domain).

Another solution ( which I recommend): PBKDF2

What is PBKDF2 ?
Password-Based Key Derivation Function or better known as PBKDF; 2 is the version number.
"PBKDF1" could only produce derived keys up to 160 bits long.
"PBKDF2" is a standard key derivation function that is part of RSA Laboratories' PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898.

PBKDF2 applies a random function ( cryptographic hash, cipher, or HMAC) to the input password along with a "salt value" and repeats the process many times (1000 is a recommended minimum) to produce a "derived key", which can be used as a cryptographic key.

Salt : In cryptography, a salt consists of random bits that are used as one of the inputs to a key derivation function. For best security, the salt is kept secret. To determine a password from a stolen hash ( in this case My_encrypted_password , an attacker cannot simply try common passwords. Rather, they must calculate the hashes of random characters (at least for the portion of the input they know is the salt).

The added computational work makes password cracking much more difficult, and is known as key strengthening.

Having a salt added to the password reduces the ability to use a precomputed dictionary to attack a password (such as rainbow tables) and means that multiple passwords have to be tested individually, not all at once. The "iterations" increase the work that must be done on the attacker's side to carry out.

For detail documentation on PBKDF2 : [http://www.ietf.org/rfc/rfc2898.txt]

So how can we inplement this concept, which looks so challenging, in .net ?
The answer is "Rfc2898DeriveBytes Class" "Namespace: System.Security.Cryptography"

Implementation Eg.

using System.Security.Cryptography;
using System.Text;

string password = "p@$$W0rD";
string salt = "My_$@lt_v@1Ue";// you can have salt as random generated too, & should always be secret
int iteration = 3000;
int bytes = 32;

//get PBKDF2 for the password
Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, Encoding.UTF8.GetBytes(salt), iteration);

//get a 32 byte key
string my_encrypted_Key = Convert.ToBase64String(rfc2898.GetBytes(bytes));


You can again use the hash function mentioned above, if willing, for extra security

string My_encrypted_password = Hash_My_Password(my_encrypted_Key);

Simple isn't it, And very robust.

Also attaching a example application, have a look at it.

There is a point to remember : You cannot have a salt value less than 8 bytes and the iteration should never be less than 1 or else "Rfc2898DeriveBytes.GetBytes Method" will throw an exception {The specified salt size is smaller than 8 bytes or the iteration count is less than 1.}

Reference: http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx


  • RFC2898 PBKDF2 Example (40614-1493-RFC2898example.rar)
  • Comments

    Author: Mrinmay Paul21 Sep 2010 Member Level: Gold   Points : 1

    You cannot have a salt value less than 8 bytes and the iteration should never be less than 1 or else "Rfc2898DeriveBytes.GetBytes Method" will throw an exception {The specified salt size is smaller than 8 bytes or the iteration count is less than 1.}

    Yes you can have SALT less than 8 bytes:
    Have a look at my other post on how to do it:


  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name: