kdf

A key derivation function (KDF) is a cryptographic primitive used to derive secret keys from a secret value such as a password, a master key, or a shared secret. A KDF is designed to be deterministic, producing a key of a specified length, while incorporating random-looking input like a salt and, often, a computational cost parameter to slow down brute-force attacks.

There are two broad categories. Password-based KDFs, such as PBKDF2, scrypt, and Argon2, aim to convert a password into a cryptographic key suitable for encryption or authentication. General-purpose KDFs, such as HKDF, derive keys from any initial keying material using an extract-and-expand process; HKDF is widely used in protocols including TLS and IPsec.

How it works: a KDF takes as input a secret (password or key material), a salt, and a desired output length, plus optional context information and a work parameter. The salt prevents precomputation attacks; the work parameter (iterations or memory cost) makes brute-force more expensive. The function outputs a fixed-length key that should be uniformly random if the input is random.

Security considerations: parameter choice is important; use strong, unique salts, sufficiently large iteration counts for passwords, and memory-hard schemes for password storage. Do not reuse salts across identities or data sets. Store the salt with the derived key or elsewhere accessible to legitimate parties.

Standards and usage: PBKDF2 (RFC 8018), scrypt, Argon2, and HKDF (RFC 5869) are widely used. KDFs underpin password hashing, key management, and key derivation for secure channels such as TLS. They are typically selected to balance security and performance for the specific application.
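The extract-and-expand process and the salt, context and work-parameter inputs described above, as an added example (not code from the original page): HKDF per RFC 5869 built from HMAC-SHA256 alongside a PBKDF2 wrapper from the standard library; the hex values in the `__main__` block are the published RFC 5869 test case 1 vectors.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """Extract step: PRK = HMAC-Hash(salt, IKM). An empty salt is HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Expand step: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated and truncated."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for this hash")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """Full HKDF; the context string `info` binds each output key to one purpose."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def password_key(password: str, salt: bytes, iterations: int,
                 length: int = 32, hash_name: str = "sha256") -> bytes:
    """Password-based derivation (PBKDF2-HMAC); `iterations` is the work parameter."""
    return hashlib.pbkdf2_hmac(hash_name, password.encode(), salt, iterations, length)


if __name__ == "__main__":
    # RFC 5869 test case 1: 22 bytes of 0x0b as IKM, a 13-byte salt, 10 bytes of info.
    okm = hkdf(b"\x0b" * 22, bytes.fromhex("000102030405060708090a0b0c"),
               bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"), 42)
    print(okm.hex())
    # Same keying material, different context: independent keys for encryption and MAC.
    print(hkdf(b"\x0b" * 22, b"", b"encryption", 32) != hkdf(b"\x0b" * 22, b"", b"auth", 32))
```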