PBKDF2 c#.NET 的性能
Performance of PBKDF2 c#.NET with
I need to implement a password hashing mechanism for our system. I am using PBKDF2 for the purpose. I have made a small console application for the demo purpose. With the parameters I am using, Its taking my desktop 56 ms to generate the final hash.
From the sources I have gone through, they mentioned the generation time of 100ms should be reasonably secured. Is it the correct assumption or should I make my generation slower? If yes, what parameters should I probably change?
代码:
class Program
{
static void Main(string[] args)
{
var watch = System.Diagnostics.Stopwatch.StartNew();
byte[] op = null;
op = GetPDKDF2("password", 20, 10000);
watch.Stop();
Console.WriteLine("total time: " + watch.ElapsedMilliseconds);
Console.ReadKey();
}
public static byte[] GetPDKDF2(string password, int saltSize, int iterationCount)
{
var pdf = new Rfc2898DeriveBytes(password, saltSize, iterationCount);
return pdf.GetBytes(20);
}
}
如您所说,目标的标准延迟是 100 毫秒。使用 PBKDF2 计算散列所花费的时间与迭代次数成正比。考虑到这一点,您可能只需将迭代次数加倍即可获得大约 100 毫秒的延迟。
我建议您不要让迭代计数发生变化,至少不要作为函数的参数。随着硬件的进步,将来更改迭代计数是个好主意,但您需要确保所使用的迭代计数被生成的哈希值记录下来。
我会为迭代计数使用一个常量值:
const int ITERATION_COUNT = 20000;
并使用:
public static byte[] GetPDKDF2(string password, int saltSize)
{
var pdf = new Rfc2898DeriveBytes(password, saltSize, ITERATION_COUNT);
return pdf.GetBytes(20);
}
I need to implement a password hashing mechanism for our system. I am using
PBKDF2for the purpose. I have made a small console application for the demo purpose. With the parameters I am using, Its taking my desktop56 msto generate the final hash.From the sources I have gone through, they mentioned the generation time of 100ms should be reasonably secured. Is it the correct assumption or should I make my generation slower? If yes, what parameters should I probably change?
代码:
class Program
{
static void Main(string[] args)
{
var watch = System.Diagnostics.Stopwatch.StartNew();
byte[] op = null;
op = GetPDKDF2("password", 20, 10000);
watch.Stop();
Console.WriteLine("total time: " + watch.ElapsedMilliseconds);
Console.ReadKey();
}
public static byte[] GetPDKDF2(string password, int saltSize, int iterationCount)
{
var pdf = new Rfc2898DeriveBytes(password, saltSize, iterationCount);
return pdf.GetBytes(20);
}
}
如您所说,目标的标准延迟是 100 毫秒。使用 PBKDF2 计算散列所花费的时间与迭代次数成正比。考虑到这一点,您可能只需将迭代次数加倍即可获得大约 100 毫秒的延迟。
我建议您不要让迭代计数发生变化,至少不要作为函数的参数。随着硬件的进步,将来更改迭代计数是个好主意,但您需要确保所使用的迭代计数被生成的哈希值记录下来。
我会为迭代计数使用一个常量值:
const int ITERATION_COUNT = 20000;
并使用:
public static byte[] GetPDKDF2(string password, int saltSize)
{
var pdf = new Rfc2898DeriveBytes(password, saltSize, ITERATION_COUNT);
return pdf.GetBytes(20);
}