Using Rfc2898DeriveBytes Class to obtain Key and IV

I am just becoming familiar with encryption and the .NET framework. After looking at many examples I am seeing a repeated pattern that confuses when using the .NET Class Rfc2898DeriveBytes. When using this class to obtain an encryption key and an initialization vector the same method seems to be used.

开发者_如何转开发Here is some code from an MSDN blog that demonstrates obtaining a key and an initialization vector.

byte[] salt = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 };
Rfc2898DeriveBytes pwdGen = new Rfc2898DeriveBytes("P@$$w0rd", salt, 1000);

// generate an RC2 key
byte[] key = pwdGen.GetBytes(16);
byte[] iv = pwdGen.GetBytes(8);

I have seen this used in other places also. I guess I would have thought it would be something like this ...

// generate an RC2 key
byte[] key = pwdGen.GetKey();
byte[] iv = pwdGen.GetInitializationVector();

I MUST be missing something here. If the Key and Initialization Vector (IV) are just random numbers how are they obtained again when using the proper password and salt?

The RFC2898 key derivation algorithm is deterministic. When you run it with the same inputs, you'll get the same outputs.

So as long as you call GetBytes() in the same order, requesting the same number of bytes, you'll get the same key and IV.

Don't forget that in a real system the salt should be randomly generated at encryption time (and stored so that it can be retrieved at decryption time).