RNGCryptoServiceProvider and Rfc2898DeriveBytes
Does it make sense to run a encryption key (2048 bit) generated with the RNGCry开发者_开发技巧ptoServiceProvider
through Rfc2898DeriveBytes.GetBytes()
or is Rfc2898DeriveBytes
more geared toward generating encryption keys from shorter keys like passphrases?
Rfc2898DeriveBytes.GetBytes()
is mainly used for getting a key of the right size with your encryption chipper size. If you're sure that your key is secure this is not needed (and of course if the key sizes match). If it's a user input (i.e. a passkey), than definitely use Rfc2898DeriveBytes
class to derive a proper key (or use hashing with salt).
If you already have something suitable for a key, which it appears you have, why would you use it to generate another key? Personally I don't see any benefit putting it through derived bytes as you already have a cryptographically secure random number.
精彩评论