Cryptography
PBKDF2
Also known as: Password-Based KDF 2, PKCS #5 v2.1
Definition
A password-based key derivation function defined in PKCS #5 / RFC 8018 that repeatedly applies a pseudorandom function to a password and a salt for a configurable number of iterations.
Examples
- WPA2 derives the pairwise master key with PBKDF2-HMAC-SHA-1 at 4096 iterations over the SSID and passphrase.
- 1Password and LastPass historically used PBKDF2-HMAC-SHA-256 to derive vault keys from master passwords.
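An added example, not part of the original entry: PBKDF2 built directly from HMAC following RFC 8018 section 5.2, then applied to the WPA2 derivation in the first bullet above. The names `pbkdf2` and `wpa2_pmk` and the sample passphrase and SSID are constructed for illustration.

```python
import hashlib
import hmac


def pbkdf2(hash_name, password, salt, iterations, dklen):
    """PBKDF2 per RFC 8018 section 5.2, using HMAC-<hash_name> as the PRF."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    hlen = hashlib.new(hash_name).digest_size
    if dklen > (2**32 - 1) * hlen:
        raise ValueError("derived key too long")
    keyed = hmac.new(password, digestmod=hash_name)  # key the PRF once, copy per call

    def prf(data):
        h = keyed.copy()
        h.update(data)
        return h.digest()

    def block(i):
        # U_1 = PRF(P, S || INT_32_BE(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 ^ ... ^ U_c
        u = prf(salt + i.to_bytes(4, "big"))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = prf(u)
            t ^= int.from_bytes(u, "big")
        return t.to_bytes(hlen, "big")

    nblocks = -(-dklen // hlen)  # ceil(dklen / hlen)
    return b"".join(block(i) for i in range(1, nblocks + 1))[:dklen]


def wpa2_pmk(passphrase, ssid):
    """WPA2-Personal PMK: password = passphrase, salt = SSID, 4096 iterations, 256 bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # SHA-1 yields 20 bytes per block, so a 32-byte PMK costs two blocks (2 x 4096 HMACs).
    return pbkdf2("sha1", passphrase.encode("ascii"), ssid, 4096, 32)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real network.
    pmk = wpa2_pmk("correct horse battery", b"ExampleNet")
    assert pmk == hashlib.pbkdf2_hmac("sha1", b"correct horse battery", b"ExampleNet", 4096, 32)
    print(pmk.hex())
```

Because the salt is the SSID, two networks with the same name and passphrase derive the same key, which is why a unique SSID matters for WPA2-Personal.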
Related terms
Key Derivation Function (KDF)
A cryptographic function that derives one or more strong cryptographic keys from a secret input such as a password, shared secret or master key.
Argon2
A modern memory-hard password hashing function and KDF, winner of the 2015 Password Hashing Competition and specified in RFC 9106.
scrypt
A memory-hard password-based KDF designed by Colin Percival in 2009 and specified in RFC 7914, used for password hashing and for proof-of-work in some cryptocurrencies.
bcrypt
An adaptive password-hashing function based on the Blowfish cipher with a tunable cost factor, designed by Provos and Mazières in 1999.
HMAC
A keyed Message Authentication Code construction built on top of a cryptographic hash function, defined in RFC 2104 and FIPS 198-1.
Salt
A unique random value combined with a password before hashing to defeat rainbow tables and ensure each user's hash is distinct.