KDFs hash-wasm kdf

PBKDF2 Generator - Password-Based Key Derivation

Generate secure keys from passwords using PBKDF2 - the industry standard for password-based key derivation.

What Is PBKDF2?

PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function specified in PKCS #5 and updated by RFC 8018, using HMAC with configurable iterations to slow down brute-force attacks and derive secure keys from passwords.

Specifications

Output Size Variable

Standard RFC 8018 (PKCS #5 v2.1)

Standard Year 2017

Origin RFC 2898 (PKCS #5 v2.0)

Origin Year 2000

Use Cases

Password hashing for user authentication
Deriving encryption keys from passwords
WiFi WPA/WPA2 key derivation
Apple iOS keychain encryption
Legacy password storage systems

!

Security Notice

PBKDF2 requires high iteration counts (100,000+) for security. For new systems, consider Argon2id as a more modern alternative.

Implementation Notes

Practical usage details for this browser-based PBKDF2 tool.

How to Generate a PBKDF2 derived value

Choose UTF-8, Hex, Base64 input mode.
Enter the text or encoded bytes you want to process.
Adjust the PBKDF2 options if your use case requires non-default settings.
Click Generate PBKDF2 Derived Value and copy the result.

Example Input

Sample input:

abc

Use this sample input, then copy the generated derived value from the result panel.

When Not to Use PBKDF2

Do not use it when your workflow requires very fast computation.
Do not use it with iteration counts too low for the threat model.

Recommended Alternatives

Recommended migration target: Argon2id. PBKDF2 is still secure but memory-hard alternatives are preferred.

Frequently Asked Questions

How many iterations should I use for PBKDF2 in 2024?

Why should I prefer Argon2id over PBKDF2 for new projects?

Which hash function should I use with PBKDF2?