1

Is the following algorithm, using RNGCryptoServiceProvider & Rfc2898DeriveBytes, sufficient to implement a FIPS 140-2 password hash on Windows Server 2008R2?

var provider = new System.Security.Cryptography.RNGCryptoServiceProvider();
byte[] salt = new byte[8];
provider.GetBytes(salt);
var iterations = 100000;
var pbkdf2 = new System.Security.Cryptography.Rfc2898DeriveBytes(password, salt, iterations);
var hash = pbkdf2.GetBytes(32);

https://stackoverflow.com/questions/3811694/is-rngcryptoserviceprovider-as-good-as-a-hardware-rng
Reference implementation of C# password hashing and verification

Brian Watson
  • On a more practical side, it's recommended to use 16 byte salts and you should not output more than the output size of the underlying hash (20 bytes in your case, since it's based on SHA1), else the attacker gets a speedup but the defender does not. – CodesInChaos Apr 21 '14 at 08:41

1 Answer

2

Password hashes are, in and of themselves, not part of FIPS 140-2.

To try to answer anyway, that depends - do you just need to use FIPS 140-2 algorithms? For hashing, that's SHA-1 and the SHA-2 family. For a random number generator, FIPS 140-2 doesn't apply - those are in completely separate NIST special publications.

Rfc2898DeriveBytes is PBKDF2-HMAC-SHA-1; there is also a nonvalidated C# example of PBKDF2-HMAC-SHA-256/384/512 by @JimmiTh at my GitHub collection, if you'd like to use those as well.

If you actually need to use FIPS 140-2 validated solutions, first you need to know what level of validation you need (level 1, 2, 3 or 4), and then you need to find solutions that were validated by NIST at that level.

In both cases, you need to dive into precisely what "password hashing" means in the context of FIPS 140-2, since "password hashing" itself isn't part of FIPS 140-2. Get legal or regulatory advice on exactly how you're allowed to use the algorithms FIPS 140-2 details; PBKDF2-HMAC-SHA-xxx is probably allowed, but make certain.

It's possible that your organization's interpretation of the letter of whatever regulations are pointing them at FIPS 140-2 contradicts normal best practices. Once you're referring to any national government's standards, you need to know much more about the requirements.

Anti-weakpasswords