开发者

RNGCryptoServiceProvider and Rfc2898DeriveBytes

Does it make sense to run a encryption key (2048 bit) generated with the RNGCry开发者_开发技巧ptoServiceProvider through Rfc2898DeriveBytes.GetBytes() or is Rfc2898DeriveBytes more geared toward generating encryption keys from shorter keys like passphrases?


Rfc2898DeriveBytes.GetBytes() is mainly used for getting a key of the right size with your encryption chipper size. If you're sure that your key is secure this is not needed (and of course if the key sizes match). If it's a user input (i.e. a passkey), than definitely use Rfc2898DeriveBytes class to derive a proper key (or use hashing with salt).


If you already have something suitable for a key, which it appears you have, why would you use it to generate another key? Personally I don't see any benefit putting it through derived bytes as you already have a cryptographically secure random number.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜