PasswordDeriveBytes vs Rfc2898DeriveBytes, Obsolete but way faster

Question

I\'m working on a encryption functionality based on classes inherited from SymmetricAlgorithm such as TripleDes, DES, etc.

Basically there\'re two options to generate co

Answer 1

They aren't the same thing.

Rfc2898DeriveBytes is an implementation of PBKDF2. PasswordDeriveBytes is an implementation of PBKDF1. PBKDF2 generates a different output, using a different method, and a much larger number of rounds than PBKDF1.

Password hashing functions, such as these, which are used for key derivation are supposed to be slow. That's the point - it makes them much more difficult to crack.

The two functions are not compatible, and PasswordDeriveBytes is not nearly as secure.