RE: How is .net generating extra bits in MD5?

From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: 01/25/05 

Date: Tue, 25 Jan 2005 22:17:44 GMT

Hi Pete,

When you use PasswordDeriveBytes::GetBytes, you're using the PBKDF1
algoritm specified in RFC 2898 (http:://www.ietf.org/rfc/rfc2898.txt). The
general flow of the algorithm is:

1. Concatenate the Password and Salt: R0 = Pwd + Salt
2. Hash the result Iteration Count times: Rn = Hash(Rn - 1)
3. The result is the Rn where n = Iteration Count

You can find more details on PBKDF1 as well as CryptDeriveKey and PBKDF2 in
this blog entry:
http://blogs.msdn.com/shawnfa/archive/2004/04/14/113514.aspx

-Shawn
http://blogs.msdn.com/shawnfa
--
This posting is provided "AS IS" with no warranties, and confers no rights.
 

Note:
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
--------------------
> From: "Pete" <jpeteb@hotmail.com>
> Newsgroups: microsoft.public.dotnet.security
> Subject: How is .net generating extra bits in MD5?
> Date: 21 Jan 2005 11:53:48 -0800
> Organization: http://groups.google.com
> Lines: 28
> Message-ID: <1106337228.327388.91720@z14g2000cwz.googlegroups.com>
> NNTP-Posting-Host: 24.61.90.30
> Mime-Version: 1.0
> Content-Type: text/plain; charset="iso-8859-1"
> X-Trace: posting.google.com 1106337232 18565 127.0.0.1 (21 Jan 2005
19:53:52 GMT)
> X-Complaints-To: groups-abuse@google.com
> NNTP-Posting-Date: Fri, 21 Jan 2005 19:53:52 +0000 (UTC)
> User-Agent: G2/0.2
> Complaints-To: groups-abuse@google.com
> Injection-Info: z14g2000cwz.googlegroups.com; posting-host=24.61.90.30;
> posting-account=IqaX-g0AAABf1vnqRnug2h2tWwNeY6Ex
> Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.s
ul.t-online.de!t-online.de!news.glorb.com!postnews.google.com!z14g2000cwz.go
oglegroups.com!not-for-mail
> Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:8813
> X-Tomcat-NG: microsoft.public.dotnet.security
>
> Hi,
>
> I have a piece of .net code I am trying to understand. It creates a MD5
> hash then requests 256 bits from the hash, where MD5 only generates 128
> bits. I've looked at the hash with another non-.net piece of code and
> the first 128 bits match up correctly. How is Microsoft creating the
> second 128 bits? I cannot seem to figure that out. Here is a code
> fragment in C#:
>
> string passPhrase; // password string
> string saltValue; // salt string
> string hashAlgorithm; // set to "MD5"
> int passwordIterations; // set to 2
> int keySize; // set to 256
>
> byte[] initVectorBytes = Encoding.ASCII.GetBytes(initVector);
> byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
>
> PasswordDeriveBytes password = new PasswordDeriveBytes(
> passPhrase,
> saltValueBytes,
> hashAlgorithm,
> passwordIterations);
> byte[] keyBytes = password.GetBytes(keySize / 8);
>
>
> TIA for any help.
>
>