Search code examples
c#cryptographysalt-cryptographypbkdf2

What does the output of Rfc2898DeriveBytes depend on and how should the salt be treated?

public string Encrypt(string Code)
{
    string result = string.Empty;
    byte[] encryptResult = null;
    var CodeInByte = Encoding.ASCII.GetBytes(Code);

    try
    {
        using (MemoryStream memo = new MemoryStream())
        {
            using (RijndaelManaged AES = new RijndaelManaged())
            {
                AES.KeySize = KeySize;
                AES.BlockSize = BlockSize;

                var key = new Rfc2898DeriveBytes(CodeInByte, salt, 1000);
                AES.Key = key.GetBytes(AES.KeySize / 8);
                AES.IV = key.GetBytes(AES.BlockSize / 8);

                AES.Mode = CipherMode.CBC;

                using (var encrypt = new CryptoStream(memo, AES.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    encrypt.Write(CodeInByte, 0, CodeInByte.Length);
                    encrypt.Close();
                }

                encryptResult = memo.ToArray();
            }
        }

        result = Convert.ToBase64String(encryptResult);
        return result;
    }
    catch (Exception err)
    {
        MsgCode = 99;
        MsgDesc = err.Message;
        return string.Empty;
    }            
}

It's just a simple AES encrypting method from string

The point I want to ask, when generating the key, at

var key = new Rfc2898DeriveBytes(CodeInByte, salt, 1000);

is the key generated from inputted string, or it's just a random generated byte array?

and, is the salt needs to be static or not

Solution

  • As the documentation on MSDN suggests:

    Rfc2898DeriveBytes takes a password, a salt, and an iteration count, and then generates keys through calls to the GetBytes method.

    In other words, it will derive bytes using the input parameters you give it. If you give it different parameters, the derived key will be different. If you give it the same parameters, it will generate the same bytes.

    Symmetrical encryption algorithms (such as AES) require a fixed length key - 16 bytes in this case for AES128. However, you don't want to mandate that passwords are fixed length as this makes them much easier to attack. You also might want much longer keys than a feasible password - AES256 would require a 32byte key, for example. Finally, passwords tend to be alphanumeric and perhaps have some symbols, whereas an encryption key is made up of bytes that can range from 0x00-0xFF, if you made the encryption key a 32 character ASCII password, then you'd reduce the range quite considerably as the printable ASCII character range is much smaller than 0x00-0xFF.

    For this reason, you want to derive the encryption key from a given password in such a way that you get a strong key of the exact length you require. That's where Rfc2898DeriveBytes comes in.