A lot of documents on the web related to Rfc2898DeriveBytes suggest that the number of iterations should be increased every two years. I am designing a new database structure for an application to contain the number of iterations with the hash and salt for each user. What is the best way of ensuring that all passwords are updated to the new iteration count in two years? Rfc2898DeriveBytes constructors only accept password as input, not hash. I'm a bit cautious about writing my own function, but would rehashing with HMACSHA1 be an option? Or do I just need to wait for all users to log in and rehash them if they have the old iterations?
Incrementing Rfc2898DeriveBytes IterationCount without original input
520 Views Asked by Jack At
1
There are 1 best solutions below
Related Questions in C#
- How to call a C language function from x86 assembly code?
- What does: "char *argv[]" mean?
- User input sanitization program, which takes a specific amount of arguments and passes the execution to a bash script
- How to crop a BMP image in half using C
- How can I get the difference in minutes between two dates and hours?
- Why will this code compile although it defines two variables with the same name?
- Compiling eBPF program in Docker fails due to missing '__u64' type
- Why can't I use the file pointer after the first read attempt fails?
- #include Header files in C with definition too
- OpenCV2 on CLion
- What is causing the store latency in this program?
- How to refer to the filepath of test data in test sourcecode?
- 9 Digit Addresses in Hexadecimal System in MacOS
- My server TCP doesn't receive messages from the client in C
- Printing the characters obtained from the array s using printf?
Related Questions in PASSWORD-ENCRYPTION
- Encrypt data in flutter with a public key
- I am encrypting password using SHA2_256 hashbytes converter in SQL; now I want to see the orginal data
- Hoa can I get the session id and pass it to an encryption function?
- DB2 encrypt() problem with PHP and parameterised query
- JSR223 Pre Password Encryption database connection errors
- Problem in JSR223 script JSR223 Sampler:javax.script.ScriptException: groovy.lang.MissingMethodException: No signature of method:
- How to store key from an encrypted prepopulated db in an Android App
- EDR Detection For A Clear Password For Websphere Password
- App's PIN code resistance against Android's root user
- Should a password salt be stored in a database
- need help decoding using cryptography fernet
- How to Improve a Password Validation Function in PHP: Ensuring Strong Security and Proper Function Typing
- User Validation Node.js/MySql
- JMeter Password Encryption
- Laravel - Login Laravel - Passowrd HashBytes ('mD5')
Related Questions in RFC2898
- Encryption implementation corrupting only last few bytes
- Stuck with SHA1 on .NET Standard 2.0
- Translate from C# to Python | Rijndael, AES algorithms
- How many bytes should a password hash be when using Rfc2898DeriveBytes?
- Generate Rfc2898DeriveBytes key in JavaScript from C#
- Choosing salt and key size for Rfc2898DeriveBytes
- How to use CryptoJS in Angular 9 to get same encrypted string like C# Rfc2898DeriveBytes
- Converting .Net decryption to Java
- Create method like System.Web.Helpers.Crypto.HashPassword (ASP.NET) in nodejs?
- Replicating Asp.net Identity Password Hash to Chilkat
- Issue With Encrypted Password in C# using Rfc2898DeriveBytes and MSSQL
- AES 256 bit encryption with Rfc2898DeriveBytes
- Converting c# Rfc2898DeriveBytes encryption to PHP
- Rfc2898DeriveBytes for java?
- From C# encryption key derivation to Ruby (PBKDF2)
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Yes, that is the normal solution.
You run the function once passing in the user provided password, the saved salt, and the saved iteration count. Once you verify that the hashes match you compare the iteration count the user has to your global iteration count you use for new passwords. If the old count is lower you run the function again using the user provided password, a new salt1, and the new higher iteration count. You then update the hash, salt, and iteration count you have saved for that user.
To enforce the update you just have a variable in a config file on the server that you change every two years. That gets loaded to the global iteration count you use for new passwords when the program restarts after a config change. As people log in they get the new iteration count.
1: you don't have to do a new salt, but it does not hurt anything to do it.