Xpressionist
asked on
PBKDF2 implementation in CryptoAPI?
Hello Folks,
MSDN routinely mentions employing PBKDF2 (Along with SHA1 and CBC, etc) for password-based key derivation routines (http://msdn.microsoft.com/en-us/library/ms995355.aspx). I am in need to derive a key using PBKDF2 full specs, incuding:
- Sha1
- some preset SALT value
- some preset iteration count
- a hybrid CBC/CFB approach: CBC mode to encrypt all whole blocks and CFB mode to encrypt any remaining bytes.
I'm having a hard time finding and using PBKDF2 functionality through CryptoAPI. The CryptDeriveKey has some functionality exposed (I understand that SALT can be set through the CryptSetKeyParam(), but where is the iteration count set through CryptoApi?
Assuming CryptoApi is perusing some sort of PBKDF2, is this function exposed through some other API?
Thanks in advance.
MSDN routinely mentions employing PBKDF2 (Along with SHA1 and CBC, etc) for password-based key derivation routines (http://msdn.microsoft.com/en-us/library/ms995355.aspx). I am in need to derive a key using PBKDF2 full specs, incuding:
- Sha1
- some preset SALT value
- some preset iteration count
- a hybrid CBC/CFB approach: CBC mode to encrypt all whole blocks and CFB mode to encrypt any remaining bytes.
I'm having a hard time finding and using PBKDF2 functionality through CryptoAPI. The CryptDeriveKey has some functionality exposed (I understand that SALT can be set through the CryptSetKeyParam(), but where is the iteration count set through CryptoApi?
Assuming CryptoApi is perusing some sort of PBKDF2, is this function exposed through some other API?
Thanks in advance.
No offence but way over 'my' head lol
ASKER
No offense taken :) Problem took a while to dissect.. in the end, it's basic encryption..
As in it needed basic authentication to be allowed in addition to ntlm/instead of?
ASKER
The problem aroused since MSFT does not seem to have a PBKDF2 compliant function for password-derived keys. My client was using a (RFC2898 - PKCS #5) certified procedure to derive his keys, and I needed to mimic the same functionality by employing MSFT building blocks. In the end, the solution implemented RSA's white paper with some MSFT code...
Ah - OK. Thanks for the followup info.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER