PBKDF2: password-based key derivation
Technical Specifications
- Output Length: Configurable (default: 256 bits)
- Security Level: High - Resistant to brute-force attacks
- Hash Function: HMAC (typically HMAC-SHA256 or HMAC-SHA512)
- Parameters: Password, salt (random), iterations (count)
Usage Areas
- Password hashing and storage
- Key derivation
- Cryptographic key generation
- Password-based encryption systems
Features
- Iteration count: Can be increased to improve security
- Salt usage: Unique salt should be used for each password
- Brute-force protection: Attack time increases with iteration count
- Configurable output: Can generate keys of desired length
- Standard algorithm: Widely accepted KDF standard
Standards and References
- RFC 2898 (PKCS #5: Password-Based Cryptography Specification)
- PKCS #5 v2.1
- NIST SP 800-132
⚠️ Important Warnings
- Iteration count should be sufficiently high (minimum 100,000, preferably 1,000,000+)
- Salt should always be random and unique
- Modern applications may prefer more secure KDFs like Argon2 or scrypt
- Passwords should never be stored in plain text
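Added example (not part of the original page): password storage with PBKDF2-HMAC-SHA256 using Python's standard library, showing a fresh random salt per password, the iteration count stored alongside the hash so it can be raised later, and constant-time verification. The function names, the `$`-separated record format and the 16-byte salt length are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ALGORITHM = "sha256"      # HMAC-SHA256 as the underlying PRF
ITERATIONS = 1_000_000    # current policy: the page's preferred count
MIN_ITERATIONS = 100_000  # the page's stated minimum
SALT_BYTES = 16           # assumption: 128-bit random salt
KEY_BYTES = 32            # 256-bit output, the page's default


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a record 'pbkdf2_sha256$iterations$salt_hex$key_hex' (illustrative format)."""
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count below the minimum")
    salt = secrets.token_bytes(SALT_BYTES)  # unique random salt for every password
    key = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt,
                              iterations, dklen=KEY_BYTES)
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the key from the stored parameters and compare in constant time."""
    try:
        scheme, iter_s, salt_hex, key_hex = record.split("$")
        iterations = int(iter_s)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
    except ValueError:
        return False  # malformed record: reject rather than raise
    if scheme != f"pbkdf2_{ALGORITHM}" or iterations < 1 or not expected:
        return False
    key = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt,
                              iterations, dklen=len(expected))
    return hmac.compare_digest(key, expected)


def needs_rehash(record: str) -> bool:
    """True when a stored record uses fewer iterations than the current policy."""
    return int(record.split("$")[1]) < ITERATIONS
```

Call `needs_rehash` after a successful `verify_password` and, if it returns True, store a new record from `hash_password` while the plaintext password is still in memory.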