System.Security.Cryptography vs. Windows.Security.Cryptography

1) System.Security.Cryptography is not available on Windows Store Apps, so you will have to use Windows.Security.Cryptography. See link below for a good explanation on reusing class libraries for different target frameworks with .NET portable libraries. If needed, you could always inject an abstraction using your favorite IoC container.

http://www.hanselman.com/blog/HiddenGemsInVisualStudio11BetaNETPortableClassLibraries.aspx

2) I don't see an implementation of Rfc2898DeriveBytes in Windows.Security.Cryptography or something similar. See below.

http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.cryptography.core.symmetricalgorithmnames.aspx

The Windows.Security.Cryptography and its sub-namespaces are probably the way to go.

See http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.cryptography.core.cryptographicengine.derivekeymaterial.aspx for a way to derive key material using a couple of various algorithms.