79538175

Date: 2025-03-27 08:01:50
Score: 0.5

How are you converting your salt to a byte array? If using UTF8 (like the below):

            var l_saltBytes = Encoding.UTF8.GetBytes("test");

the result will be 4 bytes long - so this is expected - the salt needs to be bigger than 8 bytes. The salt is used with the password to create keys. If the salt is fewer than 8 bytes then it doesn't add enough randomness to the generated keys, so the result is very vulnerable to brute force attacks due to lack of entropy.

Page 5 of the RFC spec explains this in some detail:
https://www.rfc-editor.org/rfc/rfc2898.txt

Note the section:

      1. It is difficult for an opponent to precompute all the keys
         corresponding to a dictionary of passwords, or even the most
         likely keys. If the salt is 64 bits long, for instance, there
         will be as many as 2^64 keys for each password. An opponent is
         thus limited to searching for passwords after a password-based
         operation has been performed and the salt is known.

So even though this is an example, it talks about 64 bits long (there are 8 bits in a byte), and this has been taken as a sensible minimum within Rfc2898DeriveBytes.

A good salt needs to be at least this length, and should be random. Guids are quite often used (you can generate one using Guid.NewGuid().ToString() but will obviously need to save it to validate the password) - so to get your code working try using something like that - but it is by design that the salt must be at least 8 bytes in length.

The following works:

        using System.Security.Cryptography;
        using System.Text;

        class Program
        {
            static void Main(string[] args)
            {
                var m_Password = "this is my password";
                // 8 ASCII characters -> 8 bytes, which satisfies the minimum salt length
                var l_saltBytes = Encoding.UTF8.GetBytes("testtest");
                byte[] l_bytes = null;

                // PBKDF2 with 1000 iterations of HMAC-SHA256
                using (var pbkdf2 = new Rfc2898DeriveBytes(
                           m_Password,
                           l_saltBytes,
                           1000,
                           HashAlgorithmName.SHA256))
                {
                    l_bytes = pbkdf2.GetBytes(32); // 32-byte (256-bit) derived key
                }
            }
        }

Please ensure you use a more sensible value for salt though for the reasons given :)

Posted by: Nick Pattman
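The answer above explains why a 4-byte UTF-8 "salt" is rejected and recommends a random salt of at least 8 bytes. The following is an added example (not code from the answer or from the question) that puts that advice into practice: it generates a 16-byte salt from the OS CSPRNG, derives a key with Rfc2898DeriveBytes, verifies a password against the stored salt and key with a constant-time comparison, and shows the ArgumentException the constructor throws for the short salt from the question. It assumes .NET 6 or later (for RandomNumberGenerator.GetBytes and Convert.ToHexString); the iteration count, salt size and class name are choices made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not part of the original answer.
// Stores (salt, derivedKey) per user and verifies a password against them.
static class PasswordHasher
{
    const int SaltSize = 16;        // 128 bits: well above the 8-byte minimum enforced by Rfc2898DeriveBytes
    const int Iterations = 100_000; // illustrative choice; tune for your hardware (the answer used 1000)
    const int KeySize = 32;         // 256-bit derived key

    // Returns the salt and the derived key; both must be persisted to verify later.
    public static (byte[] Salt, byte[] Key) Hash(string password)
    {
        // Cryptographically random bytes, not a UTF-8 string or a Guid
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        using var pbkdf2 = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256);
        return (salt, pbkdf2.GetBytes(KeySize));
    }

    public static bool Verify(string password, byte[] salt, byte[] expectedKey)
    {
        using var pbkdf2 = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256);
        byte[] actual = pbkdf2.GetBytes(expectedKey.Length);
        // Constant-time comparison so timing does not reveal how many leading bytes matched
        return CryptographicOperations.FixedTimeEquals(actual, expectedKey);
    }

    static void Main()
    {
        var (salt, key) = Hash("correct horse battery staple");
        Console.WriteLine($"salt={Convert.ToHexString(salt)}");
        Console.WriteLine($"key ={Convert.ToHexString(key)}");
        Console.WriteLine(Verify("correct horse battery staple", salt, key)); // True
        Console.WriteLine(Verify("wrong password", salt, key));               // False

        // The situation from the question: Encoding.UTF8.GetBytes("test") is only 4 bytes,
        // so the constructor rejects it instead of silently producing a weak key.
        try
        {
            using var bad = new Rfc2898DeriveBytes("pw", Encoding.UTF8.GetBytes("test"),
                                                   Iterations, HashAlgorithmName.SHA256);
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine($"Short salt rejected: {ex.Message}");
        }
    }
}
```

When persisting the result, store the salt, the iteration count and the hash algorithm next to the derived key so that the parameters can be raised later without breaking verification of existing records.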