Skip to content

Remove use of BCryptDeriveKeyPBKDF2. #122812

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
vcsjones wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Remove use of BCryptDeriveKeyPBKDF2. #122812

vcsjones wants to merge 1 commit into from
+1 −78

Conversation

@vcsjones
Copy link
Member

@vcsjones vcsjones commented Jan 1, 2026

BCryptDeriveKeyPBKDF2 is only used on Windows 7, which is now totally unsupported.

Contributes to #71075.

@vcsjones
Remove use of BCryptDeriveKeyPBKDF2.
4008ba0 
BCryptDeriveKeyPBKDF2 is only used on Windows 7, which is now totally unsupported.
Copilot AI review requested due to automatic review settings January 1, 2026 03:32
@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Jan 1, 2026

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Copilot AI reviewed Jan 1, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR removes support for BCryptDeriveKeyPBKDF2, which was only used on Windows 7 (now unsupported). The implementation now exclusively uses BCryptKeyDerivation, which has been available since Windows 8 and offers better performance.

Key changes:

  • Removed conditional logic that selected between BCryptDeriveKeyPBKDF2 (Windows 7) and BCryptKeyDerivation (Windows 8+)
  • Eliminated the FillDeriveKeyPBKDF2 method entirely
  • Removed the BCryptDeriveKeyPBKDF2 P/Invoke interop definition

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
Pbkdf2Implementation.Windows.cs Removed Windows 7 compatibility code path, version check, and FillDeriveKeyPBKDF2 method; simplified to always use FillKeyDerivation
System.Security.Cryptography.csproj Removed compilation reference to the BCryptDeriveKeyPBKDF2 interop file
Interop.BCryptDeriveKeyPBKDF2.cs Deleted the P/Invoke definition file that is no longer needed

The changes are clean and complete. All references to the removed functionality have been eliminated from the codebase, and the simplified code path now directly calls FillKeyDerivation which uses BCryptKeyDerivation. There is one informational comment in a test file (Rfc2898Tests.cs line 551) that mentions BCryptDeriveKeyPBKDF2, but this is just documenting the source of a test vector and does not need to be updated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@vcsjones vcsjones

Labels

area-System.Security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vcsjones