I want to hash some passwords in my Project with .NET Framework Version 4.8 using PBKDF2, since it is the only algorithm that is natively implemented. So I coded a class hashing passwords with the recommended iteration count. (In my case SHA256 with 600.000 iterations). Testing the code I noticed that it takes about 1.5 sec to hash a single password, so I tested the code in LINQPad 8 (.NET 8) where the same code runs in 0.5 sec. Out of curiosity I rerun the same Code in LINQPAD 5 (.NET Framework 4.8), where it also took me 1.5 sec. Leaving me with the conclusion that the poor performance stems form the implementation of PBKDF2 in earlier .NET versions. Searching the web has not given me a lot of information, except that there were some performance improvements along the .NET Versions. Am I right with my Conclusion? Is there anything I can do without upgrading the .NET Version or using a 3rd Party package/ AspNetCore.Identity?
LINQPad Code:
byte[] salt = new byte[32]; System.Security.Cryptography.RandomNumberGenerator.Create().GetBytes(salt); var pwhash = new System.Security.Cryptography.Rfc2898DeriveBytes("passwd", salt, 600000, System.Security.Cryptography.HashAlgorithmName.SHA256).GetBytes(32); pwhash.Dump();