include::../description.adoc[]

include::../recommended.adoc[]

== Noncompliant Code Example

----
Public Sub Hash(Password As String)
    Dim Salt As Byte() = Encoding.UTF8.GetBytes("Hardcoded salt")
    Dim FromHardcoded As New Rfc2898DeriveBytes(Password, Salt) ' Noncompliant, salt Is hardcoded

    Salt = Encoding.UTF8.GetBytes(Password)
    Dim FromPassword As New Rfc2898DeriveBytes(Password, Salt)  ' Noncompliant, password should Not be used As a salt As it makes it predictable

    Dim ShortSalt(7) As Byte
    RandomNumberGenerator.Create().GetBytes(ShortSalt)
    Dim FromShort As New Rfc2898DeriveBytes(Password, ShortSalt) ' Noncompliant, salt Is too Short (should be at least 32 bytes, Not 8)
End Sub
----

== Compliant Solution

----
Public Function Hash(Password As String) As DeriveBytes
    Return New Rfc2898DeriveBytes(Password, 64)
End Function
----

include::../see.adoc[]