The docs for Rfc2898DeriveBytes say:
Implements password-based key derivation functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA1.
but the constructors that are not obsolete all accept a hash algorithm.
Is that a contradiction or am I missing something?
Check the RFC (2898) . HMAC-SHA-1 is just one possible pseudorandom function.
The default pseudorandom function is HMAC-SHA-1
A hash function may also meet the requirements of a pseudorandom function under certain assumptions. For instance, the direct application of a hash function to to the concatenation of the "key" and the "text" may be appropriate, provided that "text" has appropriate structure to prevent certain attacks. HMAC-SHA-1 is preferable, however, because it treats "key" and "text" as separate arguments and does not require "text" to have any structure.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.