asked on

PBKDF2 implementation in CryptoAPI?

Hello Folks,

MSDN routinely mentions employing PBKDF2 (Along with SHA1 and CBC, etc) for password-based key derivation routines (http://msdn.microsoft.com/en-us/library/ms995355.aspx). I am in need to derive a key using PBKDF2 full specs, incuding:

- Sha1
- some preset SALT value
- some preset iteration count
- a hybrid CBC/CFB approach: CBC mode to encrypt all whole blocks and CFB mode to encrypt any remaining bytes.

I'm having a hard time finding and using PBKDF2 functionality through CryptoAPI. The CryptDeriveKey has some functionality exposed (I understand that SALT can be set through the CryptSetKeyParam(), but where is the iteration count set through CryptoApi?

Assuming CryptoApi is perusing some sort of PBKDF2, is this function exposed through some other API?

Thanks in advance.

Xpressionist

ASKER

I have implemented this on my own, if there is any interest, i'd be happy to supply my own code.

Keith Alabaster

No offence but way over 'my' head lol

Xpressionist

ASKER

No offense taken :) Problem took a while to dissect.. in the end, it's basic encryption..

Keith Alabaster

As in it needed basic authentication to be allowed in addition to ntlm/instead of?

Xpressionist

ASKER

The problem aroused since MSFT does not seem to have a PBKDF2 compliant function for password-derived keys. My client was using a (RFC2898 - PKCS #5) certified procedure to derive his keys, and I needed to mimic the same functionality by employing MSFT building blocks. In the end, the solution implemented RSA's white paper with some MSFT code...

Keith Alabaster

Ah - OK. Thanks for the followup info.

ASKER CERTIFIED SOLUTION

ee_auto

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial