Something Missing from CNG

Just like CAPI, CNG is missing a password-based key derivation function (RFC 2898). Essentially, you should never use a password directly to encrypt data; rather, you should derive the final key from the original password. This usually involves performing a cryptographic operation, such as a hash, thousands of times (the iteration count) on the original key. Think of the iteration count as a “Moore’s Law compensator.” As machines get faster, you can simply increase the iteration count to compensate for machine speed and slow the attacker down.

The .NET Framework includes support for PBKDF, such as the Rfc2898DeriveBytes class. Here is sample code showing how you can use the class:

 string password = args[0]; byte[] salt = new byte[16]; new RNGCryptoServiceProvider().GetBytes(salt); Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(password, salt, 50000); byte[] key = pdb.GetBytes(16); byte[] iv = pdb.GetBytes(16); Console.WriteLine("Key: " + Convert.ToBase64String(key)); Console.WriteLine("IV : " + Convert.ToBase64String(iv));

CNG does include a very flexible key derivation function, BCryptDeriveKey, that can be used to derive keys the same way SSL3, TLS1, and CMS do, but it’s not a password-to-key function. It is hoped this will be addressed in a future version of CNG.