PasswordDeriveBytes Class
Derives a key from a password using an extension of the PBKDF1 algorithm.
Assembly: mscorlib (in mscorlib.dll)
System.Security.Cryptography.DeriveBytes
System.Security.Cryptography.PasswordDeriveBytes
| Name | Description | |
|---|---|---|
![]() | PasswordDeriveBytes(Byte[], Byte[]) | Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key. |
![]() | PasswordDeriveBytes(Byte[], Byte[], CspParameters) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, and cryptographic service provider (CSP) to use to derive the key. |
![]() | PasswordDeriveBytes(Byte[], Byte[], String, Int32) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, and iterations to use to derive the key. |
![]() | PasswordDeriveBytes(Byte[], Byte[], String, Int32, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, iterations, and cryptographic service provider (CSP) to use to derive the key. |
![]() | PasswordDeriveBytes(String, Byte[]) | Initializes a new instance of the PasswordDeriveBytes class with the password and key salt to use to derive the key. |
![]() | PasswordDeriveBytes(String, Byte[], CspParameters) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, and cryptographic service provider (CSP) parameters to use to derive the key. |
![]() | PasswordDeriveBytes(String, Byte[], String, Int32) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, and number of iterations to use to derive the key. |
![]() | PasswordDeriveBytes(String, Byte[], String, Int32, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, number of iterations, and cryptographic service provider (CSP) parameters to use to derive the key. |
| Name | Description | |
|---|---|---|
![]() | HashName | Gets or sets the name of the hash algorithm for the operation. |
![]() | IterationCount | Gets or sets the number of iterations for the operation. |
![]() | Salt | Gets or sets the key salt value for the operation. |
| Name | Description | |
|---|---|---|
![]() | CryptDeriveKey(String, String, Int32, Byte[]) | Derives a cryptographic key from the PasswordDeriveBytes object. |
![]() | Dispose() | When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class.(Inherited from DeriveBytes.) |
![]() | Dispose(Boolean) | Releases the unmanaged resources used by the PasswordDeriveBytes class and optionally releases the managed resources.(Overrides DeriveBytes.Dispose(Boolean).) |
![]() | Equals(Object) | Determines whether the specified object is equal to the current object.(Inherited from Object.) |
![]() | Finalize() | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.) |
![]() | GetBytes(Int32) | Obsolete. Returns pseudo-random key bytes.(Overrides DeriveBytes.GetBytes(Int32).) |
![]() | GetHashCode() | Serves as the default hash function. (Inherited from Object.) |
![]() | GetType() | |
![]() | MemberwiseClone() | |
![]() | Reset() | Resets the state of the operation.(Overrides DeriveBytes.Reset().) |
![]() | ToString() | Returns a string that represents the current object.(Inherited from Object.) |
This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RRC 2898.
Security Note
|
|---|
Never hard-code a password within your source code. Hard coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler) tool, a hex editor, or by simply opening up the assembly in a text editor like notepad.exe. |
The following code example creates a key from a password using the PasswordDeriveBytes class.
using System; using System.Security.Cryptography; using System.Text; public class PasswordDerivedBytesExample { public static void Main(String[] args) { // Get a password from the user. Console.WriteLine("Enter a password to produce a key:"); byte[] pwd = Encoding.Unicode.GetBytes(Console.ReadLine()); byte[] salt = CreateRandomSalt(7); // Create a TripleDESCryptoServiceProvider object. TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider(); try { Console.WriteLine("Creating a key with PasswordDeriveBytes..."); // Create a PasswordDeriveBytes object and then create // a TripleDES key from the password and salt. PasswordDeriveBytes pdb = new PasswordDeriveBytes(pwd, salt); // Create the key and set it to the Key property // of the TripleDESCryptoServiceProvider object. tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV); Console.WriteLine("Operation complete."); } catch (Exception e) { Console.WriteLine(e.Message); } finally { // Clear the buffers ClearBytes(pwd); ClearBytes(salt); // Clear the key. tdes.Clear(); } Console.ReadLine(); } ////////////////////////////////////////////////////////// // Helper methods: // CreateRandomSalt: Generates a random salt value of the // specified length. // // ClearBytes: Clear the bytes in a buffer so they can't // later be read from memory. ////////////////////////////////////////////////////////// public static byte[] CreateRandomSalt(int length) { // Create a buffer byte[] randBytes; if (length >= 1) { randBytes = new byte[length]; } else { randBytes = new byte[1]; } // Create a new RNGCryptoServiceProvider. RNGCryptoServiceProvider rand = new RNGCryptoServiceProvider(); // Fill the buffer with random bytes. rand.GetBytes(randBytes); // return the bytes. return randBytes; } public static void ClearBytes(byte[] buffer) { // Check arguments. if (buffer == null) { throw new ArgumentException("buffer"); } // Set each byte in the buffer to 0. for (int x = 0; x < buffer.Length; x++) { buffer[x] = 0; } } }
Available since 1.1
Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.



