Solved

PBKDF2 implementation in CryptoAPI?

Posted on 2008-10-30
8
1,805 Views
Last Modified: 2009-01-07
Hello Folks,

MSDN routinely mentions employing PBKDF2 (Along with SHA1 and CBC, etc) for password-based key derivation routines (http://msdn.microsoft.com/en-us/library/ms995355.aspx). I am in need to derive a key using PBKDF2 full specs, incuding:

- Sha1
- some preset SALT value
- some preset iteration count
- a hybrid CBC/CFB approach: CBC mode to encrypt all whole blocks and CFB mode to encrypt any remaining bytes.

I'm having a hard time finding and using PBKDF2 functionality through CryptoAPI. The CryptDeriveKey has some functionality exposed (I understand that SALT can be set through the CryptSetKeyParam(), but where is the iteration count set through CryptoApi?

Assuming CryptoApi is perusing some sort of PBKDF2, is this function exposed through some other API?

Thanks in advance.
0
Comment
Question by:Xpressionist
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 

Author Comment

by:Xpressionist
ID: 23047255
I have implemented this on my own, if there is any interest, i'd be happy to supply my own code.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23116343
No offence but way over 'my' head lol
0
 

Author Comment

by:Xpressionist
ID: 23125519
No offense taken :) Problem took a while to dissect.. in the end, it's basic encryption..
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23131544
As in it needed basic authentication to be allowed in addition to ntlm/instead of?
0
 

Author Comment

by:Xpressionist
ID: 23131596
The problem aroused since MSFT does not seem to have a PBKDF2 compliant function for password-derived keys. My client was using a (RFC2898 - PKCS #5) certified procedure to derive his keys, and I needed to mimic the same functionality by employing MSFT building blocks. In the end, the solution implemented RSA's white paper with some MSFT code...
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23131636
Ah - OK. Thanks for the followup info.
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 23313051
Question PAQ'd, 500 points refunded, and stored in the solution database.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
An article on effective troubleshooting
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question