Why do I need to use the Rfc2898DeriveBytes class (in .NET) instead of directly using the password as a key or IV?
You really, really do not want to use a user password directly as a crypto key, especially with AES. Rfc2898DeriveBytes is an implementation of PBKDF2. What it does is repeatedly hash the user password along with the salt. This has multiple benefits: Firstly, you can use arbitrarily sized passwords – AES only supports specific key …
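
The derivation described above, as an added example that is not part of the original answer: a password of arbitrary length is stretched with a random salt into a fixed 256-bit AES key, and decryption re-derives the same key from the stored salt. The iteration count, salt size, the `salt || iv || ciphertext` layout and the choice of a random IV rather than a password-derived one are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PasswordKeyDemo
{
    // Assumed parameters for this example, not values from the answer above.
    const int Iterations = 600_000, SaltSize = 16, KeySize = 32, IvSize = 16;

    static byte[] DeriveKey(string password, byte[] salt)
    {
        // PBKDF2: iterated HMAC-SHA256 over password and salt.
        using var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256);
        return kdf.GetBytes(KeySize); // always 32 bytes, whatever the password length
    }

    static byte[] Encrypt(string password, byte[] plaintext)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize); // fresh salt per message
        using var aes = Aes.Create();                            // CBC + PKCS7 by default
        aes.Key = DeriveKey(password, salt);
        aes.GenerateIV();                                        // random IV, not password-derived
        using var enc = aes.CreateEncryptor();
        byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
        return salt.Concat(aes.IV).Concat(ct).ToArray();         // layout: salt || iv || ciphertext
    }

    static byte[] Decrypt(string password, byte[] blob)
    {
        using var aes = Aes.Create();
        aes.Key = DeriveKey(password, blob[..SaltSize]);         // same salt gives the same key
        aes.IV = blob[SaltSize..(SaltSize + IvSize)];
        using var dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(blob, SaltSize + IvSize, blob.Length - SaltSize - IvSize);
    }

    static void Main()
    {
        const string password = "correct horse"; // constructed sample input
        using var aes = Aes.Create();
        int rawBits = Encoding.UTF8.GetByteCount(password) * 8;
        // The raw password bytes are not a legal AES key length; the derived key is.
        Console.WriteLine($"raw password: {rawBits} bits, valid AES key size: {aes.ValidKeySize(rawBits)}");

        byte[] blob = Encrypt(password, Encoding.UTF8.GetBytes("sample message"));
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(password, blob)));
    }
}
```

CBC on its own gives no integrity protection, so a real design would add a MAC over the blob or use an authenticated mode such as `AesGcm`.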