The same as .NET implementation, but with much more extensibility, such as other hashes and the ability to replace any algorithm part (at your own risk).
Available as a package.
var saltBytes = new byte [] {1, 2, 3, 4, 5}; // use much more than this!
var hash = Pbkdf2.HashData("HMACSHA512", "my password", saltBytes,
100000 /* iterations */, 32 /* hash size in bytes */);
var saltBytes = new byte [] {1, 2, 3, 4, 5}; // use much more than this!
using var pbkdf2 = new HmacPbkdf2DeriveBytes("HMACSHA512", "my password", saltBytes,
100000 /* iterations */);
var hash = pbkdf2.GetBytes(32 /* hash size in bytes */);
All methods can be overriden so any part of hash can be replaced.
The idea is to avoid being brute forced by an ASIC, for example by simply adding a user block manipulation at PseudoRandomFunction
or ComputeBlockIteration
.
Currently there are three classes:
Pbkdf2DeriveBytes
is the abstract class which requires only to add a pseudo-random functionHmacPbkdf2DeriveBytes
is an implementation ofPbkdf2DeriveBytes
, specific to use HMACs.ParallelHmacPbkdf2DeriveBytes
is an implementation ofPbkdf2DeriveBytes
, specific to use HMACs and work in parallel (using PLINQ).
- RFC 2898: the reference
- .NET implementation documentation: our implementation works the same
- Wikipedia: a human-readable description