
PasswordDeriveBytes Class

Derives a key from a password using an extension of the PBKDF1 algorithm.

System.Object
  System.Security.Cryptography.DeriveBytes
    System.Security.Cryptography.PasswordDeriveBytes

Namespace:  System.Security.Cryptography
Assembly:  mscorlib (in mscorlib.dll)
[ComVisibleAttribute(true)]
public class PasswordDeriveBytes : DeriveBytes

The PasswordDeriveBytes type exposes the following members.

  Name Description
Public method PasswordDeriveBytes(Byte[], Byte[]) Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key.
Public method PasswordDeriveBytes(String, Byte[]) Initializes a new instance of the PasswordDeriveBytes class with the password and key salt to use to derive the key.
Public method PasswordDeriveBytes(Byte[], Byte[], CspParameters) Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, and cryptographic service provider (CSP) to use to derive the key.
Public method PasswordDeriveBytes(String, Byte[], CspParameters) Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, and cryptographic service provider (CSP) parameters to use to derive the key.
Public method PasswordDeriveBytes(Byte[], Byte[], String, Int32) Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, and iterations to use to derive the key.
Public method PasswordDeriveBytes(String, Byte[], String, Int32) Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, and number of iterations to use to derive the key.
Public method PasswordDeriveBytes(Byte[], Byte[], String, Int32, CspParameters) Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, iterations, and cryptographic service provider (CSP) to use to derive the key.
Public method PasswordDeriveBytes(String, Byte[], String, Int32, CspParameters) Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, number of iterations, and cryptographic service provider (CSP) parameters to use to derive the key.
  Name Description
Public property HashName Gets or sets the name of the hash algorithm for the operation.
Public property IterationCount Gets or sets the number of iterations for the operation.
Public property Salt Gets or sets the key salt value for the operation.
  Name Description
Public method CryptDeriveKey Derives a cryptographic key from the PasswordDeriveBytes object.
Public method Dispose() When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class. (Inherited from DeriveBytes.)
Protected method Dispose(Boolean) Releases the unmanaged resources used by the PasswordDeriveBytes class and optionally releases the managed resources. (Overrides DeriveBytes.Dispose(Boolean).)
Public method Equals(Object) Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
Protected method Finalize Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public method GetBytes Obsolete. Returns pseudo-random key bytes. (Overrides DeriveBytes.GetBytes(Int32).)
Public method GetHashCode Serves as a hash function for a particular type. (Inherited from Object.)
Public method GetType Gets the Type of the current instance. (Inherited from Object.)
Protected method MemberwiseClone Creates a shallow copy of the current Object. (Inherited from Object.)
Public method Reset Resets the state of the operation. (Overrides DeriveBytes.Reset().)
Public method ToString Returns a string that represents the current object. (Inherited from Object.)

This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RFC 2898.

Security Note

Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (MSIL Disassembler) tool, a hex editor, or by simply opening the assembly in a text editor such as notepad.exe.

The following code example creates a key from a password using the PasswordDeriveBytes class.


using System;
using System.Security.Cryptography;
using System.Text;

public class PasswordDerivedBytesExample
{

    public static void Main(String[] args)
    {

        // Get a password from the user.
        Console.WriteLine("Enter a password to produce a key:");

        byte[] pwd = Encoding.Unicode.GetBytes(Console.ReadLine());

        byte[] salt = CreateRandomSalt(7);

        // Create a TripleDESCryptoServiceProvider object.
        TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();

        try
        {
            Console.WriteLine("Creating a key with PasswordDeriveBytes...");

            // Create a PasswordDeriveBytes object and then create
            // a TripleDES key from the password and salt.
            PasswordDeriveBytes pdb = new PasswordDeriveBytes(pwd, salt);


            // Create the key and set it to the Key property
            // of the TripleDESCryptoServiceProvider object.
            tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV);


            Console.WriteLine("Operation complete.");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        finally
        {
            // Clear the buffers
            ClearBytes(pwd);
            ClearBytes(salt);

            // Clear the key.
            tdes.Clear();
        }

        Console.ReadLine();
    }

    //////////////////////////////////////////////////////////
    // Helper methods:
    // CreateRandomSalt: Generates a random salt value of the
    //                   specified length.
    //
    // ClearBytes: Clear the bytes in a buffer so they can't
    //             later be read from memory.
    //////////////////////////////////////////////////////////

    public static byte[] CreateRandomSalt(int length)
    {
        // Create a buffer
        byte[] randBytes;

        if (length >= 1)
        {
            randBytes = new byte[length];
        }
        else
        {
            randBytes = new byte[1];
        }

        // Create a new RNGCryptoServiceProvider.
        RNGCryptoServiceProvider rand = new RNGCryptoServiceProvider();

        // Fill the buffer with random bytes.
        rand.GetBytes(randBytes);

        // return the bytes.
        return randBytes;
    }

    public static void ClearBytes(byte[] buffer)
    {
        // Check arguments.
        if (buffer == null)
        {
            throw new ArgumentNullException("buffer");
        }

        // Set each byte in the buffer to 0.
        for (int x = 0; x < buffer.Length; x++)
        {
            buffer[x] = 0;
        }
    }
}
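
Added example, not part of the original Microsoft sample: PBKDF1 as RFC 2898 section 5.1 specifies it, next to PBKDF2 through Rfc2898DeriveBytes, to show the hash-length cap on PBKDF1 output that PBKDF2 does not have. The class name KdfComparison, its method names, the 16-byte salt and the iteration count are assumptions chosen for illustration; the code targets .NET Framework 4, where DeriveBytes and RNGCryptoServiceProvider are disposable.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration: class and method names are hypothetical.
public static class KdfComparison
{
    // PBKDF1 (RFC 2898, section 5.1) with SHA-1:
    // T_1 = Hash(P || S), T_i = Hash(T_(i-1)), DK = first dkLen bytes of T_c.
    // RFC 2898 fixes the PBKDF1 salt at 8 octets; this helper accepts any length.
    public static byte[] Pbkdf1Sha1(byte[] password, byte[] salt, int iterations, int dkLen)
    {
        if (iterations < 1) throw new ArgumentOutOfRangeException("iterations");
        // The standard caps the output at the hash length: 20 bytes for SHA-1.
        if (dkLen < 1 || dkLen > 20) throw new ArgumentOutOfRangeException("dkLen");
        byte[] input = new byte[password.Length + salt.Length];
        Buffer.BlockCopy(password, 0, input, 0, password.Length);
        Buffer.BlockCopy(salt, 0, input, password.Length, salt.Length);
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] t = sha1.ComputeHash(input);
            for (int i = 1; i < iterations; i++) t = sha1.ComputeHash(t);
            Array.Clear(input, 0, input.Length);
            byte[] dk = new byte[dkLen];
            Buffer.BlockCopy(t, 0, dk, 0, dkLen);
            return dk;
        }
    }

    // PBKDF2 (RFC 2898, section 5.2) via Rfc2898DeriveBytes: HMAC-SHA1, no hash-length cap.
    public static byte[] Pbkdf2(byte[] password, byte[] salt, int iterations, int dkLen)
    {
        using (Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, iterations))
            return kdf.GetBytes(dkLen);
    }

    public static void Main()
    {
        Console.WriteLine("Enter a password:");
        byte[] pwd = Encoding.UTF8.GetBytes(Console.ReadLine());
        byte[] salt = new byte[16];      // random per password; store it next to the ciphertext
        using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
        const int iterations = 100000;   // assumed work factor; tune for your hardware
        byte[] k1 = Pbkdf1Sha1(pwd, salt, iterations, 20); // 160 bits is the PBKDF1 maximum
        byte[] k2 = Pbkdf2(pwd, salt, iterations, 24);     // 192 bits, enough for a TripleDES key
        Console.WriteLine("PBKDF1: {0} bytes, PBKDF2: {1} bytes", k1.Length, k2.Length);
        Array.Clear(pwd, 0, pwd.Length); Array.Clear(k1, 0, k1.Length); Array.Clear(k2, 0, k2.Length);
    }
}
```

Asking Pbkdf1Sha1 for 24 bytes throws, which is the limit the class's extension of PBKDF1 works around; RFC 2898 recommends PBKDF2 for new applications and keeps PBKDF1 only for compatibility.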


.NET Framework

Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Community Content
Consider PBKDF2 instead... also read this link
The PBKDF2 standard is more robust.  Also read this link for more information on this class, and when to use it.
http://security.stackexchange.com/questions/2051/is-pbkdf1-based-system-cryptology-passwordderivebytes-better-than-a-typical-h

Code sample
http://blogs.msdn.com/b/shawnfa/archive/2004/04/14/113514.aspx