
PasswordDeriveBytes Class

Derives a key from a password using an extension of the PBKDF1 algorithm.

System.Object
  System.Security.Cryptography.DeriveBytes
    System.Security.Cryptography.PasswordDeriveBytes

Namespace:  System.Security.Cryptography
Assembly:  mscorlib (in mscorlib.dll)

'Declaration
<ComVisibleAttribute(True)> _
Public Class PasswordDeriveBytes _
	Inherits DeriveBytes

The PasswordDeriveBytes type exposes the following members.

|  | Name | Description |
| --- | --- | --- |
| Public method | PasswordDeriveBytes(Byte(), Byte()) | Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key. |
| Public method | PasswordDeriveBytes(String, Byte()) | Initializes a new instance of the PasswordDeriveBytes class with the password and key salt to use to derive the key. |
| Public method | PasswordDeriveBytes(Byte(), Byte(), CspParameters) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, and cryptographic service provider (CSP) to use to derive the key. |
| Public method | PasswordDeriveBytes(String, Byte(), CspParameters) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, and cryptographic service provider (CSP) parameters to use to derive the key. |
| Public method | PasswordDeriveBytes(Byte(), Byte(), String, Int32) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, and iterations to use to derive the key. |
| Public method | PasswordDeriveBytes(String, Byte(), String, Int32) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, and number of iterations to use to derive the key. |
| Public method | PasswordDeriveBytes(Byte(), Byte(), String, Int32, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, iterations, and cryptographic service provider (CSP) to use to derive the key. |
| Public method | PasswordDeriveBytes(String, Byte(), String, Int32, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, number of iterations, and cryptographic service provider (CSP) parameters to use to derive the key. |

|  | Name | Description |
| --- | --- | --- |
| Public property | HashName | Gets or sets the name of the hash algorithm for the operation. |
| Public property | IterationCount | Gets or sets the number of iterations for the operation. |
| Public property | Salt | Gets or sets the key salt value for the operation. |

|  | Name | Description |
| --- | --- | --- |
| Public method | CryptDeriveKey | Derives a cryptographic key from the PasswordDeriveBytes object. |
| Public method | Dispose | When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class. (Inherited from DeriveBytes.) |
| Protected method | Dispose(Boolean) | Releases the unmanaged resources used by the PasswordDeriveBytes class and optionally releases the managed resources. (Overrides DeriveBytes.Dispose(Boolean).) |
| Public method | Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
| Protected method | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| Public method | GetBytes | Obsolete. Returns pseudo-random key bytes. (Overrides DeriveBytes.GetBytes(Int32).) |
| Public method | GetHashCode | Serves as the default hash function. (Inherited from Object.) |
| Public method | GetType | Gets the Type of the current instance. (Inherited from Object.) |
| Protected method | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
| Public method | Reset | Resets the state of the operation. (Overrides DeriveBytes.Reset.) |
| Public method | ToString | Returns a string that represents the current object. (Inherited from Object.) |

This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RFC 2898.

Security Note

Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler) tool, a hex editor, or by simply opening the assembly in a text editor such as notepad.exe.

The following code example creates a key from a password using the PasswordDeriveBytes class.

Imports System
Imports System.Security.Cryptography
Imports System.Text



Module PasswordDerivedBytesExample


    Sub Main(ByVal args() As String)

        ' Get a password from the user.
        Console.WriteLine("Enter a password to produce a key:")

        Dim pwd As Byte() = Encoding.Unicode.GetBytes(Console.ReadLine())

        Dim salt As Byte() = CreateRandomSalt(7)

        ' Create a TripleDESCryptoServiceProvider object. 
        Dim tdes As New TripleDESCryptoServiceProvider()

        Try
            Console.WriteLine("Creating a key with PasswordDeriveBytes...")

            ' Create a PasswordDeriveBytes object and then create  
            ' a TripleDES key from the password and salt. 
            Dim pdb As New PasswordDeriveBytes(pwd, salt)


            ' Create the key and set it to the Key property 
            ' of the TripleDESCryptoServiceProvider object.
            tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV)


            Console.WriteLine("Operation complete.")
        Catch e As Exception
            Console.WriteLine(e.Message)
        Finally 
            ' Clear the buffers
            ClearBytes(pwd)
            ClearBytes(salt)

            ' Clear the key.
            tdes.Clear()
        End Try

        Console.ReadLine()

    End Sub 


    '******************************************************** 
    '* Helper methods: 
    '* createRandomSalt: Generates a random salt value of the  
    '*                   specified length.   
    '* 
    '* clearBytes: Clear the bytes in a buffer so they can't  
    '*             later be read from memory. 
    '******************************************************** 
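    Function CreateRandomSalt(ByVal length As Integer) As Byte()
        ' Create a buffer 
        Dim randBytes() As Byte 

        ' A Visual Basic array bound is the highest index, so 
        ' New Byte(length - 1) allocates exactly "length" bytes. 
        If length >= 1 Then
            randBytes = New Byte(length - 1) {}
        Else
            ' Fall back to a single byte. 
            randBytes = New Byte(0) {}
        End If 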

        ' Create a new RNGCryptoServiceProvider. 
        Dim rand As New RNGCryptoServiceProvider()

        ' Fill the buffer with random bytes.
        rand.GetBytes(randBytes)

        ' return the bytes. 
        Return randBytes

    End Function 


    Sub ClearBytes(ByVal buffer() As Byte)
        ' Check arguments. 
        If buffer Is Nothing Then 
            Throw New ArgumentNullException("buffer")
        End If 

        ' Set each byte in the buffer to 0. 
        Dim x As Integer 
        For x = 0 To buffer.Length - 1
            buffer(x) = 0
        Next x

    End Sub 
End Module
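
The remarks above name PBKDF1 from RFC 2898 as the base algorithm. The following sketch is an added example, not part of the original documentation and not the class's own implementation: it shows the standard PBKDF1 only, with SHA-1 assumed as the hash, and does not reproduce Microsoft's extension. The function name Pbkdf1Sha1 is hypothetical and the password and salt are constructed sample values.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module Pbkdf1Sketch
    ' PBKDF1 (RFC 2898, section 5.1) with SHA-1:
    '   T_1 = Hash(P || S), T_i = Hash(T_(i-1)), DK = first dkLen bytes of T_c
    Function Pbkdf1Sha1(ByVal password As Byte(), ByVal salt As Byte(), _
                        ByVal iterations As Integer, ByVal dkLen As Integer) As Byte()
        If password Is Nothing Then Throw New ArgumentNullException("password")
        If salt Is Nothing Then Throw New ArgumentNullException("salt")
        If iterations < 1 Then Throw New ArgumentOutOfRangeException("iterations")

        Using sha As SHA1 = SHA1.Create()
            ' The RFC refuses requests longer than one hash output (20 bytes here).
            If dkLen < 1 OrElse dkLen > sha.HashSize \ 8 Then
                Throw New ArgumentOutOfRangeException("dkLen", "derived key too long")
            End If

            ' T_1 = Hash(P || S)
            Dim block(password.Length + salt.Length - 1) As Byte
            Buffer.BlockCopy(password, 0, block, 0, password.Length)
            Buffer.BlockCopy(salt, 0, block, password.Length, salt.Length)
            Dim t As Byte() = sha.ComputeHash(block)
            Array.Clear(block, 0, block.Length)   ' wipe the password copy

            ' T_i = Hash(T_(i-1)) for i = 2 .. c
            For i As Integer = 2 To iterations
                t = sha.ComputeHash(t)
            Next

            Dim dk(dkLen - 1) As Byte
            Buffer.BlockCopy(t, 0, dk, 0, dkLen)
            Return dk
        End Using
    End Function

    Sub Main()
        ' Constructed sample inputs, for illustration only.
        Dim pwd As Byte() = Encoding.Unicode.GetBytes("constructed sample passphrase")
        Dim salt As Byte() = {1, 2, 3, 4, 5, 6, 7, 8}   ' RFC 2898 uses an 8-octet salt
        Console.WriteLine("160-bit key: " & BitConverter.ToString(Pbkdf1Sha1(pwd, salt, 1000, 20)))

        ' A 192-bit (24-byte) TripleDES key is longer than one SHA-1 output.
        Try
            Pbkdf1Sha1(pwd, salt, 1000, 24)
        Catch ex As ArgumentOutOfRangeException
            Console.WriteLine("24 bytes refused: " & ex.Message)
        End Try
    End Sub
End Module
```

Standard PBKDF1 cannot produce the 192 bits that the TripleDES sample above requests, because its output is limited to one hash length. RFC 2898 recommends PBKDF1 only for compatibility with existing applications.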

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2014 Microsoft