How to Configure .NET’s PBKDF2 Implementation in 2019

I want to use .NET’s Rfc2898DeriveBytes functionality to store passwords in a database. In order to do so, I need to make several decisions that will affect the security level. Let’s explore sensible values for these decisions in the current year, 2019.

Salt length

According to this answer, a salt length of 16 bytes is enough to prevent salt collisions.

Pepper

Using a pepper adds an additional layer of security. However, it is important to note that the server-side key should not be used as a pepper. Instead, the result of the hashing process should be encrypted with a secret key that is kept separate from the database. Example code for implementing this can be found in this answer.

Iteration count

The iteration count should be tested on the actual hardware. The goal is to make it take around a second to log in.

Algorithm choice, Hash length

According to this answer, SHA-512 is recommended as the algorithm choice. In C#, you would use .GetBytes(64) to get a 512-bit derived key.

How to combine the parts for the DB

A recommended pattern for combining the parts for the database is: {hasherVersion}${encryptionVersion}${payload}. The hasherVersion and encryptionVersion numbers can be incremented when changes are made to the hashing or encryption methods. The payload is the actual encoded password.

The size of the DB field(s) needed

A DB field size of 120 characters should be sufficient. This includes 108 characters for the Base64-encoded salt+hash, 2 characters for delimiters, and 5 characters each for hasherVersion and encryptionVersion.

Leave a Reply

Your email address will not be published. Required fields are marked *