Cryptography
Key Derivation Function (KDF)
Also known as: KDF, Key derivation
Definition
A cryptographic function that derives one or more strong cryptographic keys from a secret input such as a password, shared secret or master key.
Examples
- HKDF-Extract+Expand is used in TLS 1.3 to derive handshake and traffic secrets.
- Argon2id derives a 32-byte AES key from a user passphrase to unlock an encrypted vault.
Related terms
Argon2
A modern memory-hard password hashing function and KDF, winner of the 2015 Password Hashing Competition and specified in RFC 9106.
scrypt
A memory-hard password-based KDF designed by Colin Percival in 2009 and specified in RFC 7914, used for password hashing and for proof-of-work in some cryptocurrencies.
PBKDF2
A password-based key derivation function defined in PKCS #5 / RFC 8018 that applies a pseudorandom function with a configurable iteration count and salt.
HMAC
A keyed Message Authentication Code construction built on top of a cryptographic hash function, defined in RFC 2104 and FIPS 198-1.
Cryptographic Key
A high-entropy secret or public value that parameterizes a cryptographic algorithm to encrypt, decrypt, sign or authenticate data.
Session Key
A short-lived symmetric key used to protect a single communication session and then discarded.