
I'm using C# and wondering why the .NET function PasswordDeriveBytes returns a different result from other SHA256 algorithms.

I'm calling it as follows:

using System.Security.Cryptography;
using System.Text;

byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
// PasswordDeriveBytes is a class (needs new); GetBytes takes the number of bytes wanted (32 for SHA-256)
var hash = new PasswordDeriveBytes("1234567890", saltValueBytes, "SHA256", 1);
byte[] SHA256Pass = hash.GetBytes(32);

I am expecting to get the hash c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646

but instead I get b????????A?n?z$?]??9,m^????@n?

I don't know what the problem is, how this function works, or why the result I'm getting does not look like a SHA-256 hash.

thanks

There is no spoon
  • For other SHA256 algorithms do you mean just sha256(salt || txt) or someone else's PBKDF1 implementation? – imichaelmiers Oct 25 '12 at 17:40
  • Exactly, there are lots of ways to hash something even if the base algorithm is the same. PasswordDeriveBytes's documentation specifies that it's a variation of PBKDF1, not exactly identical. – SilverbackNet Oct 25 '12 at 21:44

2 Answers


How are you displaying your bytes? It looks like you took them and tried to convert them directly to a string, which gives you some weird-looking characters (and about half the number of characters expected). See this answer for some options for doing the conversion to a hex string like it appears you were expecting.

Jonathan Rupp
  • To convert the string I simply did Encoding.ASCII.GetString(SHA256Pass). – There is no spoon Oct 25 '12 at 05:32
  • You should convert the byte array to a hex string instead! – linquize Oct 25 '12 at 05:37
  • I've converted the byte array to a string as described by your link but the hash values are still different. I'm getting 62c1f5b7b396dbaa9441dc6eed7a24fa5d8bdf392c6d5eae1fbbe9c4401e6eaa but I was expecting c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646. I can't see what the problem is. – There is no spoon Oct 25 '12 at 20:52
  • @Thereisnospoon make sure you're using the same encoding when you convert the input string to bytes that your reference implementation is using. The code you supplied uses ASCII, try UTF7, UTF8, and Unicode too. – Jonathan Rupp Oct 26 '12 at 00:22

PasswordDeriveBytes is not a hash function, it is a key derivation function. It follows PBKDF1 precisely until you exceed 20 bytes of output, for which PBKDF1 was designed. When that happens it turns into a proprietary, badly programmed, insecure and unknown key stretching function.

PBKDF1 uses SHA-1 to implement the key derivation. SHA-256 is a rather more secure hash function with a larger output. So you will never ever have the same output for both functions. If you did, you would have broken one of the two - or, much more likely, you will have made a mistake.

Note that you should use PBKDF2 over PBKDF1 as it is more secure and does provide key stretching.

Maarten Bodewes
  • That's interesting. I'm passing in SHA256 to the PasswordDeriveBytes function as the hash name, so I was expecting that it would perform SHA256. Is this not the case? – There is no spoon Oct 29 '12 at 00:02
  • Indeed, SHA-256 is only used as a building block to ***implement*** the Key Derivation Function; it's not used to identify the output. Just like SHA-256 can be used within a digital signature algorithm (or an HMAC for that matter). – Maarten Bodewes Oct 29 '12 at 01:32
  • So what you're saying is that the hash value returned from PasswordDeriveBytes is actually SHA-1? – There is no spoon Oct 29 '12 at 03:00
  • Look up PBKDF1 in the PKCS#5 standard and read it. If you've got questions about it I'll be monitoring [crypto](http://crypto.stackexchange.com). SHA-1 does determine the output size, not the output as it is rau – Maarten Bodewes Oct 29 '12 at 09:16
  • Hmm, that was my android phone screwing up my comment; it should read "as it is ran through a number of configured iterations" at the end. – Maarten Bodewes Oct 29 '12 at 16:31
  • owlstead, I came across one of your answers to another question which is very similar to what I need to do. Basically we have a .NET app that uses PasswordDeriveBytes to derive a password and then encrypt/decrypt some data using Rijndael. We also have a Delphi app which also derives a password from a key and a salt using SHA256 and x number of iterations and then encrypts/decrypts some data using Rijndael. The Delphi app is outputting the expected hash but it's not the same as what PasswordDeriveBytes puts out, given the same key, salt and number of iterations. I'm beginning to understand now. – There is no spoon Oct 29 '12 at 19:40
  • As said, the hash is just a building block within PBKDF1. It could easily be another pseudo random function or pseudo random permutation. If the execution of the function is different by a single bit, you get a completely different answer. – Maarten Bodewes Oct 29 '12 at 20:51
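A worked example covering both answers above: the first (raw key bytes must be hex-encoded before they can be compared with a hash string) and the second (PasswordDeriveBytes is a PBKDF1-style key derivation function in which the named hash is only a building block, so its output is not SHA-256 of the password). This is added code, not from the question, the answers, or .NET; it implements PBKDF1 from PKCS #5 v2.0 section 5.1 in Python so it can be run anywhere, and it does not reproduce .NET's own PasswordDeriveBytes (whose behaviour past one digest length the answer describes as proprietary; this version refuses such requests instead). The salt is constructed; the asker's real salt is not shown on the page.

```python
"""PKCS #5 PBKDF1 from the specification, beside raw SHA-256 and PBKDF2, with the
results hex-encoded for comparison. Added example, not code from the question or from .NET."""
import hashlib

# Constructed sample inputs (the question does not show the asker's salt).
PASSWORD = b"1234567890"
SALT = b"constructed-salt"


def pbkdf1(password: bytes, salt: bytes, iterations: int, dk_len: int,
           hash_name: str = "sha256") -> bytes:
    """PKCS #5 PBKDF1: T_1 = H(P || S); T_i = H(T_{i-1}); DK = leftmost dk_len bytes of T_c.

    The hash is only a building block: asking for SHA-256 means SHA-256 is applied
    `iterations` times to password-plus-salt, which is not SHA-256(password).
    PBKDF1 cannot yield more bytes than one digest; the standard calls that
    'derived key too long', and it is where implementations start to improvise.
    """
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    digest_size = hashlib.new(hash_name).digest_size
    if dk_len > digest_size:
        raise ValueError("derived key too long: PBKDF1-%s yields at most %d bytes"
                         % (hash_name, digest_size))
    t = hashlib.new(hash_name, password + salt).digest()
    for _ in range(iterations - 1):
        t = hashlib.new(hash_name, t).digest()
    return t[:dk_len]


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dk_len: int) -> bytes:
    """PBKDF2-HMAC-SHA256 from the standard library: the replacement the answer recommends."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dk_len)


def to_hex(raw: bytes) -> str:
    """Lower-case hex, the form hashes are compared in (64 characters for 32 bytes)."""
    return raw.hex()


def lossy_text(raw: bytes) -> str:
    """What the question did: decode the key bytes as text. Most byte values are not
    printable ASCII, so this yields replacement characters, not a hash string."""
    return raw.decode("ascii", errors="replace")


def compare(password: bytes, salt: bytes, iterations: int) -> dict:
    """Derive 32 bytes the three ways and return every result hex-encoded."""
    return {
        "sha256(password)": to_hex(hashlib.sha256(password).digest()),
        "sha256(password||salt)": to_hex(hashlib.sha256(password + salt).digest()),
        "pbkdf1-sha256": to_hex(pbkdf1(password, salt, iterations, 32)),
        "pbkdf2-hmac-sha256": to_hex(pbkdf2_sha256(password, salt, iterations, 32)),
    }


if __name__ == "__main__":
    for label, value in compare(PASSWORD, SALT, 1).items():
        print("%-24s %s" % (label, value))
    # The same bytes shown the way the question showed them: not a hash string at all.
    print("%-24s %r" % ("pbkdf1 as ascii text", lossy_text(pbkdf1(PASSWORD, SALT, 1, 32))))
```

Two checks a practitioner would run with this: first, compare(b"1234567890", b"", 1)["sha256(password)"] tells you whether the value the reference tool produces is simply SHA-256 of the password (PBKDF1 with an empty salt and one iteration collapses to exactly that, and no other parameter choice does). Second, encode the password the same way on both sides before comparing anything: for a digits-only password ASCII and UTF-8 give the same bytes, but .NET's Encoding.Unicode (UTF-16) interleaves zero bytes and changes every derived value.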