PBKDF2 With SHA-256 (And Others)

.NET has built-in class handling all your PBKDF2 needs. It is called Rfc2898DeriveBytes and it works as long as you stick to SHA-1 HMAC. If your needs move in direction of SHA-256, you are out of luck.

Therefore I created Pbkdf2 class that takes any HMAC algorithm (e.g. SHA-1, SHA-256 or SHA-512) as input and allows you to derive key based on it.

using (var hmac = new HMACSHA256()) {
var df = new Pbkdf2(hmac, password, salt, iterations);

Full code is available for download.

12 thoughts to “PBKDF2 With SHA-256 (And Others)”

  1. Hello Josip,
    I have just tried your code, really great stuff. I am looking to use this in a commercial app, would this be available under an MIT or Microsoft Public licence?
    Many Thanks,

      1. Hi, Josip

        To use pbkdf2 along with sha512 algorithm should I just substitute “hmac = new HMACSHA256() ” for “hmac = new HMACSHA512()” ? Or this code only works for pbkdf2 + sha256?

        Also, I didn’t understand in which part of your code shows the implementation/call of the pbkdf2 algorithm.

        Thank you.

        1. Hi,

          you are correct about substitution.
          No code written here shows pbkdf2 in action since it is just an excerpt. In order to see full code, just download source (link is at end of text).

  2. Hi, Josip

    Thank you for your quick answer. If you don’t mind I have another question. If I use the SHA256 algorithm then I would have a hash of 32 bytes, but is it correct to receive 64 bytes even if I use 64 as a parameter of the hash.getBytes(64) function? I don’t understand why. O thought SHA256 should always return 32 bytes. What’s the explanation?

    Thank you in advance.


  3. Hi Josip,
    I’ve got a django-app which encrypts the passwords with pbkdf2_sha256. So I thought I could use your C#-Class for a little tool which can change the passwords.

    But here is the problem. When I use your class with hmacsha256-algo. I got a wrong hash.
    I also asked about this problem on stackoverflow. Can you tell me please where my problem is?

    Thank you in advance

    1. I gave you answer on Stack Overflow too. But gist of it is that you should convert it to base-64 directly instead of going through hexadecimal conversion step. Also notice that Java class adds parameter prefix to output (“pbkdf2_sha256$12000$FbSnXHPo12gb$” in your example) while my class gives you only hash. If you need that prefix, you would need to do extending of my class.

  4. Hi Josip,

    I´m using your code for a part of my bachelors thesis and it works fine.
    I´m creating a user log in application. I managed it to encrypt the password after creating a new user. This hash is stored in in my database as a string. Now I want to check if a user and the password he typed in match with a user in my database. The users choosen nickname is unique and a primary key. I tried to encrypt the password of the log in window again and i got another hash-string.
    Do you have a suggestion how I can deal with this programm?

    Thank you in advance


    1. Assuming you have same password, salt, and iterations count, you should see the same result in both cases. It is hard to tell what went wrong in your particular application without seeing the code doing actual hashing.

      1. Thank you for your quick answer. I found the mistake I made. I used only your class and didn´t had a look at your app. So I didn´t use the using-directive. Now it works perfect.

Leave a Reply

Your email address will not be published. Required fields are marked *