IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [pbkdf2]

PBKDF2 is a key derivation and strengthening function, commonly used for password storage.

PBKDF2 is a key derivation and strengthening function. It is defined by PKCS#5 and RFC 2898.

PBKDF2 applies many rounds of a pseudorandom function (typically a ) together with a salt value to make it hard to precompute values or parallelize computations. It is commonly to store .

Alternatives include and .

Further reading

169 questions
225
votes
4 answers

Recommended # of iterations when using PBKDF2-SHA256?

I'm curious if anyone has any advice or points of reference when it comes to determining how many iterations is 'good enough' when using PBKDF2 (specifically with SHA-256). Certainly, 'good enough' is subjective and hard to define, varies by…
Tails
  • 2,438
  • 3
  • 14
  • 10
98
votes
3 answers

What's the advantage of using PBKDF2 vs SHA256 to generate an AES encryption key from a passphrase?

I'm looking at two comparable pieces of software which encrypt data on disk using a passphrase. One uses PBKDF2 to generate the encryption key from a passphrase, while the other uses two rounds of SHA256. What's the difference? Is one preferred over…
Andrey Fedorov
  • 1,303
  • 1
  • 10
  • 12
47
votes
2 answers

Are there more modern password hashing methods than bcrypt and scrypt?

This question made me start thinking about password hashing again. I currently use bcrypt (specifically py-bcrypt). I've heard a lot about PBKDF2, and scrypt. What I'm wondering is if there are any "more modern" password hashing methods that I might…
Brendan Long
  • 2,878
  • 1
  • 19
  • 27
38
votes
8 answers

Client side password hashing

Edit: Updated to put more emphasis on the goal - peace of mind for the user, and not beefing up the security. After reading through a few discussions here about client side hashing of passwords, I'm still wondering whether it might be OK to use it…
Foy Stip
  • 391
  • 1
  • 3
  • 7
34
votes
5 answers

Is it possible to increase the cost of BCrypt or PBKDF2 when its already calculated and without the original password?

I just wanted to know if you can increase the cost (iterations) of those two algorithms off-line. I want to increase the cost every year of my users passwords. One solution is to recalculate them when the user logs in, but a user may have not logged…
skantos
  • 441
  • 4
  • 3
30
votes
3 answers

With PBKDF2, what is an optimal Hash size in bytes? What about the size of the salt?

When creating a hash with PBKDF2, it allows the developer to choose the size of the hash. Is longer always better? Also, what about the size of the random salt? Should that be the same size as the hash? EDIT: Particularly in hashing passwords.
blesh
  • 485
  • 1
  • 4
  • 9
21
votes
4 answers

At what point does adding more iterations to PBKDF2 provide no extra security?

If my true passphrase is used only to generate a hash which is used as the cipher's actual key, doesn't that mean it's possible to try and brute force the cipher itself? I know it would take an impossibly long time either way, but at what point…
kkarl88
  • 291
  • 3
  • 6
17
votes
2 answers

Is it safe to use PBKDF2 for hashing?

I would like to get a few opinions on whether it would be safe or not to use PBKDF2 to generate a hash of a password. For my purposes I'd like to assume that the hash itself will be posted on the White House Twitter page (in other words it will be…
Razick
  • 357
  • 1
  • 2
  • 7
15
votes
4 answers

PBKDF2 usage will slow REST API down?

When implementing password hashing using PBKDF2 for authenticating access to a REST api,when we say that PBKDF2 is slow does it mean that it's going to take a lot of time to hash the password and validate it, therefore the service not being…
microwth
  • 2,101
  • 2
  • 14
  • 19
14
votes
2 answers

Why should I choose SHA (such as SHa-512), instead of bcrypt or PBKDF2, for FIPS-compliance?

Due to regulation, my company needs to be FIPS-compliant. I was looking at the current list of FIPS-approved cryptographical methods and I notice that neither bcrypt or PBKDF2 are in this list. Does that mean I should use salted SHA-512 for…
John Assymptoth
  • 241
  • 2
  • 5
14
votes
4 answers

Challenging challenge: client-side password hashing and server-side password verification

We have a website where users need to log in to access privileged information. Obviously we are using SSL, but I also want to avoid plaintext passwords from accidently ending up in server logs, or wandering eyes of administrators. Therefore, I want…
Jason Smith
  • 1,551
  • 2
  • 11
  • 12
12
votes
5 answers

Gold Standard for password hashing

I've developing a web application that will be dealing with highly sensitive information and I want to ensure the hashing of passwords is gold standard. Ideally I'd go for per-user salted SHA512 using PBKDF2 to carry out multiple iterations of the…
Drunk Goldfish
  • 123
  • 1
  • 5
12
votes
3 answers

Parameters for PBKDF2 for password hashing

I use PBKDF2 with SHA-256 to store hashes of passwords. I use the following parameters: number of iterations desired = 1024 length of the salt in bytes = 16 length of the derived key in bytes = 4096 But recently I found out that…
Salvador Dali
  • 1,745
  • 1
  • 19
  • 32
11
votes
1 answer

How to encrypt data in frontend/backend with a key that is not stored anywhere and is only known to owner?

I have read bunch of answers and tutorials on how client side cryptography is not a good idea because of many reasons listed mainly in Javascript Cryptography Considered Harmful article. Some facts The app will be using HTTPS There will be server…
Raf
  • 221
  • 1
  • 2
  • 7
11
votes
3 answers

How should I choose a difficulty factor for my password hashing function?

Assuming that I'm doing password hashing properly and using bcrypt, scrypt or PBKDF2, how should I go about choosing an appropriate difficulty factor? i.e rounds for bcrypt, iterations for PBKDF2 and maxtime, maxmem or maxmemfrac for scrypt. Also…
Ladadadada
  • 5,163
  • 1
  • 24
  • 41
1
2 3
11 12