PBKDF2

PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that applies a pseudorandom function (like HMAC) to a password along with a salt, repeated many times to produce a derived key. While widely supported, it's less resistant to GPU attacks than newer alternatives.

How PBKDF2 Works

DK = PBKDF2(PRF, Password, Salt, c, dkLen)

PRF: Pseudorandom function (usually HMAC-SHA256)
Password: User's password
Salt: Random value
c: Iteration count
dkLen: Desired key length

Usage Example

# Python
import hashlib
import os

password = b"secretpassword"
salt = os.urandom(16)
iterations = 600000

# Derive key
derived_key = hashlib.pbkdf2_hmac(
    'sha256',
    password,
    salt,
    iterations,
    dklen=32
)

Iteration Count Recommendations

• OWASP 2023: 600,000 iterations with SHA-256
• Django default: 600,000 (as of Django 4.1)
• Increase iterations as hardware improves
• Balance security with acceptable login delay

Limitations

• Not memory-hard - vulnerable to GPU/ASIC attacks
• Requires very high iteration counts for security
• Prefer Argon2, bcrypt, or scrypt when possible

When to Use PBKDF2

• FIPS compliance requirements
• Legacy system compatibility
• When modern alternatives unavailable

See Also

• Argon2
• bcrypt
• Password Salt