Generating different keys with Rfc2898DeriveBytes in c# and pbkdf2 in go

Question

Here is the C# sample code to verify the hash password.

Salt size is 8 which generates random bytes, 10000 time Iteration and Hash size is 20.

    public static bool VerifyHashedString(string inputString, string hashedString)
    {
        try
        {
            byte[] hashBytes = Convert.FromBase64String(hashedString);
            var salt = new byte[8];
            Array.Copy(hashBytes, 0, salt, 0, 8);

            var pbkdf2 = new Rfc2898DeriveBytes(inputString, salt, 10000);
            byte[] hash = pbkdf2.GetBytes(20);

            for (var i = 0; i < 20; i++)
            {
                if (hashBytes[i + 8] != hash[i])
                {
                    return false;
                }
            }
            return true;
        }
        catch
        {
            return false;
        }
    }

And I am using following code to verify in golang - please find the link https://github.com/anaskhan96/go-password-encoder but I am not able to match hash text

what could be the reason ?

Following are the observation Hash password length varies.

in C# KwLur0TzENvIVUmvTg0gqPUh+Jkndlu2bH7L8g==

in Golang KETc4Dp1kZzPC6pdePc5OQyDXLA=

What relationship should there be between *your* code and the *go* code? When you convert some code, or try to make some code compatible with the code of another language, you should try copying the code, and not simply saying "the method names are the same, they must produce the same results". — xanatos, Jun 22 '18 at 08:00
And note that .net pbkdf2 uses SHA1 while the code in GO defaults to SHA512 — xanatos, Jun 22 '18 at 08:18
To overcome the limits of the `Rfc2898DeriveBytes` class, see https://stackoverflow.com/a/50797283/613130 — xanatos, Jun 22 '18 at 13:06

Generating different keys with Rfc2898DeriveBytes in c# and pbkdf2 in go

0 Answers0