Glossary

Learn about data security, encryption, hashing and encoding in our knowledge base.

Key derivation function

A key derivation function (KDF) is a function that is used to derive a cryptographic key from a password or other input data. KDFs are commonly used to strengthen the security of passwords by adding an additional layer of protection.

KDFs work by taking the input data, such as a password, and running it through a series of mathematical operations to generate the key. The key is then used to encrypt or decrypt data.

There are several types of KDFs, including:

  • PBKDF2 (Password-Based Key Derivation Function 2): This is a widely used KDF that is designed to be resistant to attacks such as dictionary attacks and brute-force attacks. It works by iteratively applying a cryptographic hash function to the password, using a salt value to increase the difficulty of the attack.

  • Argon2: This is a newer KDF that is designed to be more resistant to attacks than PBKDF2. It includes several features, such as parallelism and memory hardening, that make it more difficult for attackers to crack the password.

  • Scrypt: This is another KDF that is designed to be resistant to attacks by requiring a large amount of memory to compute the key. This makes it more difficult for attackers to use specialized hardware to crack the password.

KDFs are an important tool for improving the security of passwords and other data. By adding an additional layer of protection, KDFs help to ensure that even if the password is compromised, the data remains secure.