Last modified: 2023-08-06

Cryptography Key Derivation Function

PBKDF2 is a key derivation function in cryptography, originally defined in version 2.0 of the PKCS#5 standard in RFC2898. It’s used for reducing vulnerabilities to brute force attacks.


PBKDF2 is part of PKCS#5 v2.0. The format is as follows:


# ex.

To create the hash based on this, run the following commands.

echo 'sha256:10000:'$(echo '<salt-string>' | base64 | cut -c 1-14)':'$(echo 'password-string' | base64) > hash.txt

Now crack the hash using Hashcat.

hashcat -m 10900 wordlist.txt hash.txt

Using PBKDF2 in Python

Reference: Pycryptodome Official Docs

We can use PBKDF2 easily thanks of Pycryptodome.
We need to install it first.

pip install pycryptodome

Below is a Python script to derive keys from a password with PBKDF2.

from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import SHA512
from Crypto.Random import get_random_bytes

password = b'secret'
salt = get_random_bytes(16)
keys = PBKDF2(password, salt, 64, count=1000000, hmac_hash_module=SHA512)
key1 = keys[:32]
key2 = keys[32:]
print(f"key1: {key1.hex()}")
print(f"key2: {key2.hex()}")