Re: How is .net generating extra bits in MD5?

From: Valery Pryamikov (Valery_at_nospam.harper.no)
Date: 01/21/05

  • Next message: Gecko: "Re: sn.exe -Vr assembly" 
    Date: Fri, 21 Jan 2005 23:25:58 +0100

    Hi,
    PasswordDeriveBytes does the same thing as CryptDeriveKey and actually
    involves 3 hashes:

    K' = H(password)
    K = H(K' XOR {0x36}) || H(K' XOR {0x5C})
    where H is hash algorithm, || - concatenation and K' is intermediate key.

    -Valery.
    http://www.harper.no/valery

    "Pete" <jpeteb@hotmail.com> wrote in message
    news:1106337228.327388.91720@z14g2000cwz.googlegroups.com...
    > Hi,
    >
    > I have a piece of .net code I am trying to understand. It creates a MD5
    > hash then requests 256 bits from the hash, where MD5 only generates 128
    > bits. I've looked at the hash with another non-.net piece of code and
    > the first 128 bits match up correctly. How is Microsoft creating the
    > second 128 bits? I cannot seem to figure that out. Here is a code
    > fragment in C#:
    >
    > string passPhrase; // password string
    > string saltValue; // salt string
    > string hashAlgorithm; // set to "MD5"
    > int passwordIterations; // set to 2
    > int keySize; // set to 256
    >
    > byte[] initVectorBytes = Encoding.ASCII.GetBytes(initVector);
    > byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
    >
    > PasswordDeriveBytes password = new PasswordDeriveBytes(
    > passPhrase,
    > saltValueBytes,
    > hashAlgorithm,
    > passwordIterations);
    > byte[] keyBytes = password.GetBytes(keySize / 8);
    >
    >
    > TIA for any help.
    >

  • Next message: Gecko: "Re: sn.exe -Vr assembly"