SHA256 hash function giving unexpected result
Question
I'm using C# and wondering why the .Net function PasswordDeriveBytes returns a different result from other SHA256 algorithums.
I'm calling it as follows:
byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
var hash = PasswordDeriveBytes("1234567890", saltValueBytes, "SHA256", 1);
byte[] SHA256Pass = hash.GetBytes();
I am expecting to get the hash c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646
but instead I get b????????A?n?z$?]??9,m^????@n?
I dont know what the problem is. how this function works and why the result i'm getting does not look like a SHA 256 hash.
thanks
2 answers
solution1
4 2012-10-25 03:58:59
How are you displaying your bytes? It looks like you took them and tried to convert them directly to a string, which gives you some wierd-looking characters (and about half the number of characters expected). See this answer for some options for doing the conversion to a hex string like it appears you were expecting.
solution2
2 ACCPTED 2012-10-26 12:41:01
PasswordDeriveBytes is not a hash function, it is a key derivation function. It follows PBKDF1 precisely until you exceed 20 bytes of output, for which PBKDF1 was designed. When that happens it turns into a proprietary, badly programmed, insecure and unknown key stretching function.
PBKDF1 uses SHA-1 to implement the key derivation. SHA-256 is a rather more secure hash function with a larger output. So you will never ever have the same output for both functions. If you would, you will have broken one of the two - or much more likely you will have made a mistake.
Note that you should use PBKDF2 over PBKDF1 as it is more secure and does provide key stretching.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.