PasswordDeriveBytes Class
Derives a key from a password using an extension of the PBKDF1 algorithm.
Assembly: mscorlib (in mscorlib.dll)
System.Security.Cryptography.DeriveBytes
System.Security.Cryptography.PasswordDeriveBytes

Constructors

| Name | Description |
|---|---|
| PasswordDeriveBytes(Byte(), Byte()) | Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key. |
| PasswordDeriveBytes(Byte(), Byte(), CspParameters) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, and cryptographic service provider (CSP) to use to derive the key. |
| PasswordDeriveBytes(Byte(), Byte(), String, Int32) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, and iterations to use to derive the key. |
| PasswordDeriveBytes(Byte(), Byte(), String, Int32, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, iterations, and cryptographic service provider (CSP) to use to derive the key. |
| PasswordDeriveBytes(String, Byte()) | Initializes a new instance of the PasswordDeriveBytes class with the password and key salt to use to derive the key. |
| PasswordDeriveBytes(String, Byte(), CspParameters) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, and cryptographic service provider (CSP) parameters to use to derive the key. |
| PasswordDeriveBytes(String, Byte(), String, Int32) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, and number of iterations to use to derive the key. |
| PasswordDeriveBytes(String, Byte(), String, Int32, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, number of iterations, and cryptographic service provider (CSP) parameters to use to derive the key. |


Properties

| Name | Description |
|---|---|
| HashName | Gets or sets the name of the hash algorithm for the operation. |
| IterationCount | Gets or sets the number of iterations for the operation. |
| Salt | Gets or sets the key salt value for the operation. |


Methods

| Name | Description |
|---|---|
| CryptDeriveKey(String, String, Int32, Byte()) | Derives a cryptographic key from the PasswordDeriveBytes object. |
| Dispose() | When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class. (Inherited from DeriveBytes.) |
| Dispose(Boolean) | Releases the unmanaged resources used by the PasswordDeriveBytes class and optionally releases the managed resources. (Overrides DeriveBytes.Dispose(Boolean).) |
| Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
| Finalize() | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| GetBytes(Int32) | Obsolete. Returns pseudo-random key bytes. (Overrides DeriveBytes.GetBytes(Int32).) |
| GetHashCode() | Serves as the default hash function. (Inherited from Object.) |
| GetType() | |
| MemberwiseClone() | |
| Reset() | Resets the state of the operation. (Overrides DeriveBytes.Reset().) |
| ToString() | Returns a string that represents the current object. (Inherited from Object.) |

This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RFC 2898.
Security Note

Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler) tool, a hex editor, or by simply opening up the assembly in a text editor like notepad.exe.

The following code example creates a key from a password using the PasswordDeriveBytes class.
```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module PasswordDerivedBytesExample

    Sub Main(ByVal args() As String)

        ' Get a password from the user.
        Console.WriteLine("Enter a password to produce a key:")

        Dim pwd As Byte() = Encoding.Unicode.GetBytes(Console.ReadLine())

        Dim salt As Byte() = CreateRandomSalt(7)

        ' Create a TripleDESCryptoServiceProvider object.
        Dim tdes As New TripleDESCryptoServiceProvider()

        Try
            Console.WriteLine("Creating a key with PasswordDeriveBytes...")

            ' Create a PasswordDeriveBytes object and then create
            ' a TripleDES key from the password and salt.
            Dim pdb As New PasswordDeriveBytes(pwd, salt)

            ' Create the key and set it to the Key property
            ' of the TripleDESCryptoServiceProvider object.
            tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV)

            Console.WriteLine("Operation complete.")
        Catch e As Exception
            Console.WriteLine(e.Message)
        Finally
            ' Clear the buffers
            ClearBytes(pwd)
            ClearBytes(salt)

            ' Clear the key.
            tdes.Clear()
        End Try

        Console.ReadLine()
    End Sub

    '********************************************************
    '* Helper methods:
    '* createRandomSalt: Generates a random salt value of the
    '*                   specified length.
    '*
    '* clearBytes: Clear the bytes in a buffer so they can't
    '*             later be read from memory.
    '********************************************************
    Function CreateRandomSalt(ByVal length As Integer) As Byte()
        ' Create a buffer. A VB array declaration takes the upper bound,
        ' so (length - 1) yields exactly "length" bytes.
        Dim randBytes() As Byte

        If length >= 1 Then
            randBytes = New Byte(length - 1) {}
        Else
            ' Fall back to a one-byte buffer.
            randBytes = New Byte(0) {}
        End If

        ' Create a new RNGCryptoServiceProvider.
        Dim rand As New RNGCryptoServiceProvider()

        ' Fill the buffer with random bytes.
        rand.GetBytes(randBytes)

        ' return the bytes.
        Return randBytes
    End Function

    Sub ClearBytes(ByVal buffer() As Byte)
        ' Check arguments.
        If buffer Is Nothing Then
            Throw New ArgumentNullException("buffer")
        End If

        ' Set each byte in the buffer to 0.
        Dim x As Integer
        For x = 0 To buffer.Length - 1
            buffer(x) = 0
        Next x
    End Sub

End Module
```
Available since 1.1
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.



