Skip to content

Use the framework implementation of PBKDF2/RFC2898 #30941

New issue
New issue
Closed
#31200
Closed
Use the framework implementation of PBKDF2/RFC2898#30941
#31200
Assignees
HaoK
Labels
✔️ Resolution: FixedThe bug or enhancement requested in this issue has been checked-in!DoneThis issue has been fixedaffected-mostThis issue impacts most of the customersarea-dataprotectionIncludes: DataProtectionenhancementThis issue represents an ask for new feature or an enhancement to an existing oneseverity-majorThis label is used by an internal tool
Milestone
 
6.0-preview4
@omajid

Description

@omajid
omajid
opened on Mar 15, 2021

This is a follow up from aspnet/DataProtection#272, #2508 and dotnet/runtime#24897.

ASP.NET has its own implementation of RFC2898 because it needs top-of-the-line performance for password hashing in order to have acceptable latency for login scenarios. If we bring these performance improvements to the framework's implementation of these APIs, ASP.NET can remove its own implementation and rely on the standard classes.

This was recently fixed via dotnet/runtime#48107.

This bug/feature-request is to track that ASP.NET Core picks up and uses that API and removes its duplicate implementation.

cc @bartonjs @blowdart @GrabYourPitchforks @tmds @Tornhoof @vcsjones

Metadata

Metadata

Assignees

Labels

✔️ Resolution: FixedThe bug or enhancement requested in this issue has been checked-in!DoneThis issue has been fixedaffected-mostThis issue impacts most of the customersarea-dataprotectionIncludes: DataProtectionenhancementThis issue represents an ask for new feature or an enhancement to an existing oneseverity-majorThis label is used by an internal tool

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions