include::../description.adoc[]

include::../recommended.adoc[]

== Noncompliant Code Example

[source,csharp]
----
public void Hash(string password)
{
    var salt = Encoding.UTF8.GetBytes("Hardcoded salt");
    var fromHardcoded = new Rfc2898DeriveBytes(password, salt);     // Noncompliant, salt is hardcoded

    salt = Encoding.UTF8.GetBytes(password);
    var fromPassword = new Rfc2898DeriveBytes(password, salt);     // Noncompliant, password should not be used as a salt as it makes it predictable

    var shortSalt = new byte[8];
    RandomNumberGenerator.Create().GetBytes(shortSalt);
    var fromShort = new Rfc2898DeriveBytes(password, shortSalt);   // Noncompliant, salt is too short (should be at least 16 bytes, not 8)
}
----

== Compliant Solution

[source,csharp]
----
public DeriveBytes Hash(string password)
{
    return new Rfc2898DeriveBytes(password, 16);
}
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]