PBKDF2 Key Derivation

RFC 2898 PKCS#5 HMAC-based
Anish Nath
Derive Key from Password
Hash Algorithms (select one or more)
Password
Salt (Base64)
Minimum 16 bytes recommended. Click refresh for random salt.
Security Presets
Parameters
OWASP recommends 600,000+ for SHA-256
32 bytes = 256 bits (AES-256)
Security Note: Key derivation is performed server-side. For production use, always derive keys locally.
Derived Key Output

Derived key will appear here

Enter a password and click Derive Key
OWASP Recommendations (2023)
Algorithm Min Iterations Notes
PBKDF2-HMAC-SHA1 1,300,000 Legacy, avoid for new apps
PBKDF2-HMAC-SHA256 600,000 Recommended default
PBKDF2-HMAC-SHA512 210,000 Faster on 64-bit systems
OpenSSL Commands
Derive Key with PBKDF2 (OpenSSL 3.0+)
# Derive 256-bit key using PBKDF2-HMAC-SHA256
$ openssl kdf -keylen 32 -kdfopt digest:SHA256 \
-kdfopt pass:password -kdfopt salt:hex:0102030405060708 \
-kdfopt iter:100000 PBKDF2
Related Key Derivation & Hashing Tools
Argon2

PHC winner, memory-hard KDF
Scrypt

Memory-hard key derivation
BCrypt

Blowfish-based password hashing
PBE Encryption

Password-based encryption
HMAC Generator

Generate HMAC signatures
HKDF

HMAC-based key derivation

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users
200+ tools
100% private
One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 Stay updated Follow @anish2good
Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.
Understanding PBKDF2
What is PBKDF2?

PBKDF2 (Password-Based Key Derivation Function 2) is defined in RFC 2898 and PKCS#5. It derives a cryptographic key from a password by applying a pseudorandom function (typically HMAC) with a salt value, repeating this process many times (iterations) to increase the computational cost of brute-force attacks.

How PBKDF2 Works
1. Password
User's secret input
2. Salt
Random value to prevent rainbow tables
3. Iterate
Repeat HMAC many times
4. Derived Key
Cryptographic key output
PBKDF2 Formula
DK = PBKDF2(PRF, Password, Salt, c, dkLen)
  • PRF - Pseudorandom function (e.g., HMAC-SHA256)
  • Password - Master password
  • Salt - Random salt (min 16 bytes recommended)
  • c - Iteration count
  • dkLen - Desired key length in bytes
PBKDF2 vs Other KDFs
Algorithm Memory-Hard GPU Resistant Standard Recommendation
PBKDF2 No Low RFC 2898 Legacy compatibility only
BCrypt 4KB Medium De facto Still acceptable
Scrypt Yes High RFC 7914 Good choice
Argon2id Yes High RFC 9106 Best for new apps
Code Examples

Python (hashlib)

import hashlib
import os

password = b"secret"
salt = os.urandom(16)
key = hashlib.pbkdf2_hmac(
    'sha256', password, salt,
    iterations=600000, dklen=32
)

Node.js (crypto)

const crypto = require('crypto');

const key = crypto.pbkdf2Sync(
    'password', salt,
    600000, 32, 'sha256'
);

Java

SecretKeyFactory f = SecretKeyFactory
    .getInstance("PBKDF2WithHmacSHA256");
KeySpec spec = new PBEKeySpec(
    password, salt, 600000, 256);
SecretKey key = f.generateSecret(spec);

Go

import "golang.org/x/crypto/pbkdf2"

key := pbkdf2.Key(
    []byte("password"), salt,
    600000, 32, sha256.New,
)
When to use PBKDF2: Use PBKDF2 when you need compatibility with older systems, standards compliance (FIPS 140-2), or when memory-hard functions aren't available. For new applications, prefer Argon2id.
Quick Access