PBKDF2
Last modified: 2024-08-28
PBKDF2 is a key derivation function in cryptography, originally defined in version 2.0 of the PKCS#5 standard in RFC2898. It’s used for reducing vulnerabilities to brute force attacks.
Algorithm Format
# Algorithm
pbkdf2$<iteration>$<salt-length>
# e.g.
pbkdf2$10000$50
PBKDF2-HMAC-SHA256
PBKDF2 is part of PKCS#5 v2.0. The format is as follows:
sha256:<iteration>:<base64-salt>:<base64-password-hash>
# ex.
sha256:10000:ayZoqdmIewDpUB:Ud6aAhvpw9RqZPt/0Rd0U9uPDKLOWKnYHAS+Lm07oqDWwDLw/U74P0jXQ0nsGW9O/jc=
To create the hash based on this, run the following commands.
echo 'sha256:10000:'$(echo '<salt-string>' | base64 | cut -c 1-14)':'$(echo 'password-string' | base64) > hash.txt
Now crack the hash using Hashcat.
hashcat -m 10900 hash.txt wordlist.txt
Using PBKDF2 in Python
Reference: Pycryptodome Official Docs
We can use PBKDF2 easily thanks of Pycryptodome.
We need to install it first.
pip install pycryptodome
Below is a Python script to derive keys from a password with PBKDF2.
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import SHA512
from Crypto.Random import get_random_bytes
password = b'secret'
salt = get_random_bytes(16)
keys = PBKDF2(password, salt, 64, count=1000000, hmac_hash_module=SHA512)
key1 = keys[:32]
key2 = keys[32:]
print(f"key1: {key1.hex()}")
print(f"key2: {key2.hex()}")