10 Haziran 2017 Cumartesi

Password-Based Key Derivation Function 2

Giriş
Password-Based Key Derivation Function 2 (PBKDF-2) RFC2898 ile tanımlı. Rfc2898DrivedBytes sınıfı içinde gerçekleştirilmiş.Şu satırı dahil ederiz.
using System.Security.Cryptography;
Açıklaması şöyle
You really, really do not want to use a user password directly as a crypto key, especially with AES.

Rfc2898DeriveBytes is an implementation of PBKDF2. What it does is repeatedly hash the user password along with the salt. This has multiple benefits:

Firstly, you can use arbitrarily sized passwords - AES only supports specific key sizes.

Secondly, the addition of the salt means that you can use the same passphrase to generate multiple different keys (assuming the salt is not a constant, as it is in your example). This is important for key separation; reusing keys in different contexts is one of the most common ways cryptographic systems are broken.

The multiple iterations (1000 by default) slow down password guessing attacks. Consider someone who is trying to guess your AES key. If you just used the password, this would be straightforward - just try each possible password as the key. On the other hand, with PBKDF2, the attacker first has to perform 1000 hash iterations for each password guess. So while it slows down a user only slightly, it has a disproportionate effect on an attacker. (In fact it's quite common to use much higher iteration counts; 10000 is commonly recommended).

It also means the final output key is uniformly distributed. If you used the password, for instance, typically 16 out of 128 bits of the key would be 0 (the high ASCII bit). That right there immediately makes keysearch 65536 times easier than it should be, even ignoring the password guessing.
Constructor - password + salt size + iterations
Açıklaması şöyle
Low-entropy passwords should be converted into key material with a password-stretching KDF with appropriate work factors. PBKDF2 (with a work factor of > 100,000) is fine, if aging.
Şöyle  yaparız.
var r = new Rfc2898DeriveBytes("password!", 16, 100000);
GetBytes metodu
Salt üretmek için kullanılabilir. Şöyle yaparız.
var r = new Rfc2898DeriveBytes("password!", 16, 100000);
byte[] saltedHash = r.GetBytes(32);
byte[] salt = r.Salt;


Hiç yorum yok:

Yorum Gönder