stackoom
  简体   繁体   中英

How can Rfc2898DeriveBytes be both "based on HMACSHA1" and accept a hash algorithm?

 原文  2023-01-24 19:13:06       c#/ .net/ cryptography/ pbkdf2

Question

The docs for Rfc2898DeriveBytes say:

Implements password-based key derivation functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA1.

but the constructors that are not obsolete all accept a hash algorithm.

Is that a contradiction or am I missing something?

1 answers

solution1
 0  2023-01-24 19:27:55

Check the RFC (2898) . HMAC-SHA-1 is just one possible pseudorandom function.

The default pseudorandom function is HMAC-SHA-1

A hash function may also meet the requirements of a pseudorandom function under certain assumptions. For instance, the direct application of a hash function to to the concatenation of the "key" and the "text" may be appropriate, provided that "text" has appropriate structure to prevent certain attacks. HMAC-SHA-1 is preferable, however, because it treats "key" and "text" as separate arguments and does not require "text" to have any structure.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Cannot specify 4 arguments (hash algorithm name) for Rfc2898DeriveBytes Understanding how Rfc2898DeriveBytes works Password Hash via Rfc2898DeriveBytes - what to pass to getBytes Rfc2898DeriveBytes and TripleDes RFC2898DeriveBytes not decrypting RNGCryptoServiceProvider and Rfc2898DeriveBytes Rfc2898DeriveBytes in C# to hash_pbkdf2 in PHP Rfc2898DeriveBytes how to verify the password which is store in database as hash value How do I use SHA-512 with Rfc2898DeriveBytes in my salt & hash code? How many bytes should a password hash be when using Rfc2898DeriveBytes?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM