PBKDF2
What is PBKDF2?
PBKDF2A password-based key derivation function defined in PKCS #5 / RFC 8018 that applies a pseudorandom function with a configurable iteration count and salt.
PBKDF2 (Password-Based Key Derivation Function 2) is defined in PKCS #5 v2.1 / RFC 8018 and derives a cryptographic key from a password by repeatedly applying a pseudorandom function, typically HMAC-SHA-256 or HMAC-SHA-512, to the password and a salt for a configurable number of iterations. The slow iteration count and per-user salt make precomputed-table and brute-force attacks more expensive. PBKDF2 is widely deployed (WPA2, iOS/macOS, TLS, LUKS, 1Password) and remains FIPS-approved, but it is only CPU-hard, so GPU and ASIC attackers gain a large advantage versus memory-hard functions. For new systems Argon2id or scrypt are preferred; OWASP recommends at least 600,000 iterations of PBKDF2-HMAC-SHA-256 in 2025.
● Examples
- 01
WPA2 derives the pairwise master key with PBKDF2-HMAC-SHA-1 at 4096 iterations over the SSID and passphrase.
- 02
1Password and LastPass historically used PBKDF2-HMAC-SHA-256 to derive vault keys from master passwords.
● Frequently asked questions
What is PBKDF2?
A password-based key derivation function defined in PKCS #5 / RFC 8018 that applies a pseudorandom function with a configurable iteration count and salt. It belongs to the Cryptography category of cybersecurity.
What does PBKDF2 mean?
A password-based key derivation function defined in PKCS #5 / RFC 8018 that applies a pseudorandom function with a configurable iteration count and salt.
How do you defend against PBKDF2?
Defences for PBKDF2 typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for PBKDF2?
Common alternative names include: Password-Based KDF 2, PKCS #5 v2.1.