在c＃和pbkdf2中使用Rfc2898DeriveBytes生成相同的密鑰

Question

爲什麼Rfc2898DeriveBytes在C＃中和pbkdf2中go lang生成不同的密鑰？

我C＃代碼

using System; 
using System.Security.Cryptography; 
using System.Text; 

public class Test 
{ 
     private static byte[] passBytes = new byte[] 
     {164,176,124,62,244,154,226,211,177,90,202,180,12,142,25,225}; 

     private static byte[] saltBytes = new byte[] 
     {173,205,190,172,239,190,242,63,219,205,173,196,218,171,142,214}; 

     public static byte[] GetKey() 
     { 
      var key = new Rfc2898DeriveBytes(Encoding.UTF8.GetString(passBytes, 0, 16), saltBytes).GetBytes(16); 
      return key; 
     } 

    public static void Main() 
    { 
     System.Console.WriteLine(Convert.ToBase64String(GetKey())); 
    } 
} 

輸出： 77U85CphtSEwPP9a2T/JAQ ==

---

golang代碼

package main 

import (

    b64 "encoding/base64" 
    "golang.org/x/crypto/pbkdf2" 
    "crypto/sha1" 

) 

var (
    pass[]byte = []byte{164,176,124,62,244,154,226,211,177,90,202,180,12,142,25,225} 
    salt[]byte = []byte{173,205,190,172,239,190,242,63,219,205,173,196,218,171,142,214} 
) 


func getKey() (key[]byte){ 
    key = pbkdf2.Key(pass,salt,1000,16,sha1.New) 
    return 
} 


func main() { 
    print(b64.StdEncoding.EncodeToString(getKey())) 
} 

輸出： hnuuu + he4aF7vAzA8rfQtw ==

有什麼不同，我必須做的？

Answer 1

在初始化C＃實例時，您正在使用不同的變體（構造函數採用UTF-8 string）。另外，正如zaph已經指出的那樣，您需要對C＃和golang代碼使用相同的迭代計數。 golang版本的[]byte參數均爲密碼和鹽，而C＃對應版本爲Rfc2898DeriveBytes Constructor (Byte[] password, Byte[] salt, Int32 iterations)。

byte[] passBytes = new byte[] 
    {164,176,124,62,244,154,226,211,177,90,202,180,12,142,25,225}; 

byte[] saltBytes = new byte[] 
    {173,205,190,172,239,190,242,63,219,205,173,196,218,171,142,214}; 

var pbkdf2 = new Rfc2898DeriveBytes(passBytes, saltBytes, 1000); 
var key = Convert.ToBase64String(pbkdf2.GetBytes(16)); 

上述代碼的輸出與golang版本相同。