PasswordDeriveBytes vs Rfc2898DeriveBytes, Obsolete but way faster

Question

I\'m working on a encryption functionality based on classes inherited from SymmetricAlgorithm such as TripleDes, DES, etc.

Basically there\'re two options to generate co

Answer 1

I think you are missing the point of derivebytes. It is supposed to be slow. It intentionally uses slow algorithm which cannot be sped up by clever trick. The typical "number of iterations" parameter should be in 2^16-2^20 range and introduce a 0.1-0.5 second delay between user entering password and the key is generated. The intention is to defend against weak passwords selected by "lazy ignorant users" and slow down brute force search.