PBKDF2
Password-Based Key Derivation Function 2: a slow hash that iterates HMAC many times to derive a key from a password, the FIPS-approved option for password storage.
PBKDF2 (Password-Based Key Derivation Function 2) derives a cryptographic key from a password by running HMAC (usually HMAC-SHA-256 or HMAC-SHA-512) for a configurable number of iterations, with a salt mixed in. OWASP currently recommends at least 600,000 iterations for PBKDF2-HMAC-SHA-256. It is the only password-hashing function approved by FIPS 140, which is why it stays in heavy use for compliance-driven systems (1Password, LastPass, Wi-Fi WPA2-PSK, macOS FileVault). Its weakness compared to Argon2 and scrypt is that PBKDF2 is not memory-hard, so an attacker's guessing throughput on GPUs and ASICs scales linearly with hardware spend.
Referenced on
- Argon2 Hash Generator
- Bcrypt Generator & Verifier
- Django Password Hash Generator
- Drupal Password Hash Generator
- HMAC Generator
- Linux Shadow Hash Generator
- Password Tools
- PBKDF2 Generator
- PostgreSQL Password Hash Generator
- Scrypt Hash Generator
- SHA-512 Generator
- WiFi Password Generator
- WordPress Password Hash Generator