Rfc2898DeriveBytes Class
Implements password-based key derivation functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA1.
System.Security.Cryptography.DeriveBytes
System.Security.Cryptography.Rfc2898DeriveBytes
Namespace: System.Security.Cryptography
Assembly: mscorlib (in mscorlib.dll)
The Rfc2898DeriveBytes type exposes the following members.
| Name | Description | |
|---|---|---|
![]() ![]() | Rfc2898DeriveBytes(String, Byte[]) | Initializes a new instance of the Rfc2898DeriveBytes class using a password and salt to derive the key. |
![]() ![]() | Rfc2898DeriveBytes(Byte[], Byte[], Int32) | Initializes a new instance of the Rfc2898DeriveBytes class using a password, a salt, and number of iterations to derive the key. |
![]() ![]() | Rfc2898DeriveBytes(String, Byte[], Int32) | Initializes a new instance of the Rfc2898DeriveBytes class using a password, a salt, and number of iterations to derive the key. |
| Name | Description | |
|---|---|---|
![]() ![]() | IterationCount | Gets or sets the number of iterations for the operation. |
![]() ![]() | Salt | Gets or sets the key salt value for the operation. |
| Name | Description | |
|---|---|---|
![]() ![]() | Equals(Object) | Determines whether the specified Object is equal to the current Object. (Inherited from Object.) |
![]() ![]() | Finalize | Allows an object to try to free resources and perform other cleanup operations before the Object is reclaimed by garbage collection. (Inherited from Object.) |
![]() ![]() | GetBytes | Returns a pseudo-random key from a password, salt and iteration count. (Overrides DeriveBytes.GetBytes(Int32).) |
![]() ![]() | GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) |
![]() ![]() | GetType | Gets the Type of the current instance. (Inherited from Object.) |
![]() ![]() | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
![]() ![]() | Reset | Resets the state of the operation. (Overrides DeriveBytes.Reset().) |
![]() ![]() | ToString | Returns a string that represents the current object. (Inherited from Object.) |
Rfc2898DeriveBytes takes a password, a salt, and an iteration count, and then generates keys through calls to the GetBytes method.
RFC 2898 includes methods for creating a key and initialization vector (IV) from a password and salt. You can use PBKDF2, a password-based key derivation function, to derive keys using a pseudo-random function that allows keys of virtually unlimited length to be generated. The Rfc2898DeriveBytes class can be used to produce a derived key from a base key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count.
For more information about PBKDF2, see RFC 2898, "PKCS #5: Password-Based Cryptography Specification Version 2.0," available on the Request for Comments Web site. See section 5.2, "PBKDF2," for complete details.
Security Note: |
|---|
Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly by using the Microsoft Intermediate Language Disassembler (Ildasm.exe), by using a hexadecimal editor, or by simply opening up the assembly in a text editor such as Notepad.exe. |
The following example demonstrates how to use the Rfc2898DeriveBytes class to encrypt an isolated storage file. This code example is part of a larger example provided for the AesManaged class.
AesManaged#3
For a list of the operating systems and browsers that are supported by Silverlight, see Supported Operating Systems and Browsers.




Security Note: