PasswordDeriveBytes vs Rfc2898DeriveBytes: obsolete, but faster

2023-09-03 10:06:49 Author: 丢了童话忘了梦

I'm working on an encryption functionality based on classes inherited from SymmetricAlgorithm, such as TripleDes, DES, etc.

Basically there are two options to generate a consistent key and IV for my algorithm class, PasswordDeriveBytes and Rfc2898DeriveBytes, both of which inherit from the DeriveBytes abstract class.

The PasswordDeriveBytes.GetBytes() method is marked as obsolete in the .NET Framework, while Rfc2898DeriveBytes.GetBytes() is recommended, as it matches the PBKDF2 standard. However, based on my testing, calling the same GetBytes() method in the Rfc2898DeriveBytes class is almost 15 times slower than in the PasswordDeriveBytes class, which leads to unexpected CPU usage (always higher than 50%).

Here is some test data:

Iterations: 100
Algorithm type: DES
Original Text: "I'm a test key, encrypt me please"
Time:
PasswordDeriveBytes: 99ms
Rfc2898DeriveBytes: 1,373ms

Based on the testing, the bad performance of Rfc2898DeriveBytes is not acceptable in a production environment.

Has anyone noticed this problem before? Is there any solution where I can still use a standard one without hurting performance? Is there any risk in using an obsolete method (it could be removed in a future version)?

Thank you all!

Edit:

Probably I found where the problem is... The default iteration count for PasswordDeriveBytes is 100, while for Rfc2898DeriveBytes it is 1000. After I changed them to the same number, 1000, executing Rfc2898DeriveBytes takes only double the time.
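
An added example, not code from the original post: a C# timing harness that runs both classes first with their constructor defaults (100 and 1000 iterations, as the edit above describes) and then with the same explicit iteration count. The class name `KdfTiming`, the random salt, the round count and the 8-byte key and IV sizes are assumptions made for the illustration.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;

static class KdfTiming
{
    // Constructed inputs for the illustration (not the poster's test harness).
    const string Password = "I'm a test key, encrypt me please";
    const int Rounds = 100;   // derivations per measurement
    const int KeyBytes = 8;   // DES key size in bytes
    const int IvBytes = 8;    // DES block size in bytes

    // Builds a fresh KDF per round and derives key + IV, as an encrypt call would.
    static long TimeMs(Func<DeriveBytes> factory)
    {
        var sw = Stopwatch.StartNew();
        for (int i = 0; i < Rounds; i++)
        {
            using (DeriveBytes kdf = factory())
            {
                kdf.GetBytes(KeyBytes);
                kdf.GetBytes(IvBytes);
            }
        }
        return sw.ElapsedMilliseconds;
    }

    static void Report(string label, Func<DeriveBytes> legacy, Func<DeriveBytes> pbkdf2)
    {
        TimeMs(legacy); TimeMs(pbkdf2);   // warm-up pass so JIT cost is not measured
        Console.WriteLine("{0}: PasswordDeriveBytes {1} ms, Rfc2898DeriveBytes {2} ms",
            label, TimeMs(legacy), TimeMs(pbkdf2));
    }

    static void Main()
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);

        // Constructor defaults: 100 iterations vs 1000 iterations.
        Report("defaults", () => new PasswordDeriveBytes(Password, salt),
                           () => new Rfc2898DeriveBytes(Password, salt));
        // Same explicit count on both sides; SHA1 matches Rfc2898DeriveBytes' HMAC-SHA1.
        Report("1000 each", () => new PasswordDeriveBytes(Password, salt, "SHA1", 1000),
                            () => new Rfc2898DeriveBytes(Password, salt, 1000));
    }
}
```

Absolute timings depend on the machine and runtime; the figure to compare is the ratio within each row.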

Recommended answer

This blog post talks about the differences between the two: http://blogs.msdn.com/shawnfa/archive/2004/04/14/generating-a-key-from-a-password.aspx