PBKDF2.NET

Adaptive PBKDF2 Library for the .NET Framework

View project onGitHub

PBKDF2.NET

Adaptive Password-based Key Derivation Functionality (PBKDF2) can be difficult to implement on your own. Yet it is absolutely essential to ensure the integrity of your user's passwords. NSA and FIPS standards recommend the use of SHA256 at a minimum for PBKDF2 but the .NET Framework only uses SHA1 for their out-of-the-box implementation via the Rfc2898DerivedBytes class. For many developers, this can be undesired, while for others, this can simply be unacceptable.

PBKDF2.NET addresses this obstacle by allowing you to choose the hashing routine that's right for you! This utility library extends the System.Security.Cryptography namespace by introducing the System.Security.Cryptography.PBKDF2 class. While carefully ensuring that the suggested pattern for PBKDF2 is adhered to, this utility library allows you to dynamically specify your HMAC of choice while still holding true to the .NET programming model for cryptographic procedures. This means that you can easily swap this implementation directly into place with any existing implementation from the .NET framework you may have with little to no refactoring of your code base.

You are not limited to using the built-in .NET Framework HMAC implementations with the PBKDF2 class. You can use any type that inherits from System.Security.Cryptography.HMAC, including your own custom HMAC-based implementations. To use a custom implementation, simple register your type with the application domain (for example: via the CryptoConfig class) and you can use it's HashName value either in the constructor or within the PBKDF2Section configuration section. (see below)

The library goes one step further by extending the System.Configuration namespace to include a robust configuration section specifically designed for the System.Security.Cryptography.PBKDF2 class:

System.Configuration.PBKDF2Section

The PBKDF2Section includes the following properties:

public string HashName { get; set; }

public int IterationCount { get; set; }

public int SaltSize { get; set; }

The purpose of the PBKDF2Section class is to provide default settings for the PBKDF2 class. If you wish, you can specify the defaults you would like to use, and when initializing an instance of the PBKDF2 class you can omit the parameters from the constructor that you wish to use the default values for and the defaults will be initialized internally in the new instance for you.

Licensing

This utility library is licensed under the MIT License.