Solved

PBKDF2 implementation in CryptoAPI?

Posted on 2008-10-30
8
1,759 Views
Last Modified: 2009-01-07
Hello Folks,

MSDN routinely mentions employing PBKDF2 (Along with SHA1 and CBC, etc) for password-based key derivation routines (http://msdn.microsoft.com/en-us/library/ms995355.aspx). I am in need to derive a key using PBKDF2 full specs, incuding:

- Sha1
- some preset SALT value
- some preset iteration count
- a hybrid CBC/CFB approach: CBC mode to encrypt all whole blocks and CFB mode to encrypt any remaining bytes.

I'm having a hard time finding and using PBKDF2 functionality through CryptoAPI. The CryptDeriveKey has some functionality exposed (I understand that SALT can be set through the CryptSetKeyParam(), but where is the iteration count set through CryptoApi?

Assuming CryptoApi is perusing some sort of PBKDF2, is this function exposed through some other API?

Thanks in advance.
0
Comment
Question by:Xpressionist
  • 3
  • 3
8 Comments
 

Author Comment

by:Xpressionist
ID: 23047255
I have implemented this on my own, if there is any interest, i'd be happy to supply my own code.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23116343
No offence but way over 'my' head lol
0
 

Author Comment

by:Xpressionist
ID: 23125519
No offense taken :) Problem took a while to dissect.. in the end, it's basic encryption..
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23131544
As in it needed basic authentication to be allowed in addition to ntlm/instead of?
0
 

Author Comment

by:Xpressionist
ID: 23131596
The problem aroused since MSFT does not seem to have a PBKDF2 compliant function for password-derived keys. My client was using a (RFC2898 - PKCS #5) certified procedure to derive his keys, and I needed to mimic the same functionality by employing MSFT building blocks. In the end, the solution implemented RSA's white paper with some MSFT code...
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23131636
Ah - OK. Thanks for the followup info.
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 23313051
Question PAQ'd, 500 points refunded, and stored in the solution database.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now