icon

PBKDF2

Last modified: 2024-08-28

PBKDF2 is a key derivation function in cryptography, originally defined in version 2.0 of the PKCS#5 standard in RFC2898. It’s used for reducing vulnerabilities to brute force attacks.

Algorithm Format

# Algorithm
pbkdf2$<iteration>$<salt-length>

# e.g.
pbkdf2$10000$50

PBKDF2-HMAC-SHA256

PBKDF2 is part of PKCS#5 v2.0. The format is as follows:

sha256:<iteration>:<base64-salt>:<base64-password-hash>

# ex.
sha256:10000:ayZoqdmIewDpUB:Ud6aAhvpw9RqZPt/0Rd0U9uPDKLOWKnYHAS+Lm07oqDWwDLw/U74P0jXQ0nsGW9O/jc=

To create the hash based on this, run the following commands.

echo 'sha256:10000:'$(echo '<salt-string>' | base64 | cut -c 1-14)':'$(echo 'password-string' | base64) > hash.txt

Now crack the hash using Hashcat.

hashcat -m 10900 hash.txt wordlist.txt

Using PBKDF2 in Python

Reference: Pycryptodome Official Docs

We can use PBKDF2 easily thanks of Pycryptodome.
We need to install it first.

pip install pycryptodome

Below is a Python script to derive keys from a password with PBKDF2.

from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import SHA512
from Crypto.Random import get_random_bytes

password = b'secret'
salt = get_random_bytes(16)
keys = PBKDF2(password, salt, 64, count=1000000, hmac_hash_module=SHA512)
key1 = keys[:32]
key2 = keys[32:]
print(f"key1: {key1.hex()}")
print(f"key2: {key2.hex()}")