So it came up today, how to properly derive a key for symmetric encryption. In the past, I’ve always just used System.Security.Cryptography.PasswordDeriveBytes. However, it turns out there is a second class in that namespace called Rfc2898DeriveBytes which also inherits from DeriveBytes. What’s the difference?
I found a great blog post from 2004, but it’s still relevant today, which explains it all:
Generating a key from a password
In short, PasswordDeriveBytes implements RFC 2898 section 5.1 (a.k.a. PBKDF1), and Rfc2898DeriveBytes implements what’s described in section 5.2 (a.k.a. PBKDF2), a more secure way to generate a key from a given password. Basically, 5.1 is limited by the length of the output from the hashing algorithm, and 5.2 is unbounded and can produce output of any length.
So basically, unless you need PBKDF1 for compatibility, you should probably use the Rfc2898DeriveBytes implementation!
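Here’s an added example (my own, not from the linked post) showing the practical upshot: a single Rfc2898DeriveBytes call can hand back more bytes than the hash produces, so you can pull an AES key and a separate HMAC key out of one derivation. It assumes .NET Framework 4.7.2 / .NET Core 2.0 or later for the HashAlgorithmName overload, and the iteration count is just a placeholder you should tune for your own hardware.

```csharp
using System;
using System.Security.Cryptography;

class Pbkdf2Demo
{
    // Derives a 256-bit AES key and a 256-bit HMAC key with PBKDF2-HMAC-SHA256.
    // 64 bytes is twice SHA-256's 32-byte output, which is exactly the kind of
    // request PBKDF1 (PasswordDeriveBytes) cannot satisfy per the RFC.
    static (byte[] EncKey, byte[] MacKey) DeriveKeys(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            byte[] material = kdf.GetBytes(64);
            byte[] encKey = new byte[32];
            byte[] macKey = new byte[32];
            Buffer.BlockCopy(material, 0, encKey, 0, 32);
            Buffer.BlockCopy(material, 32, macKey, 0, 32);
            return (encKey, macKey);
        }
    }

    static void Main()
    {
        // Fresh random salt per password; store it next to the ciphertext so the
        // same keys can be re-derived later. Never reuse one fixed salt.
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        const int iterations = 100000; // assumed value, not a recommendation

        var first = DeriveKeys("correct horse battery staple", salt, iterations);
        var second = DeriveKeys("correct horse battery staple", salt, iterations);

        // Same password + salt + iterations must reproduce the same keys,
        // and the two halves of the output must not be identical.
        bool reproducible = CryptographicOperations.FixedTimeEquals(first.EncKey, second.EncKey);
        bool distinct = !CryptographicOperations.FixedTimeEquals(first.EncKey, first.MacKey);
        Console.WriteLine($"Enc key: {BitConverter.ToString(first.EncKey)}");
        Console.WriteLine($"MAC key: {BitConverter.ToString(first.MacKey)}");
        Console.WriteLine($"Reproducible: {reproducible}, keys distinct: {distinct}");
    }
}
```

The salt and iteration count are not secrets, but both must be stored with the ciphertext or the key can never be re-derived.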