Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term PBKDF2 Hashing

Training Camp • Cybersecurity Glossary

What is PBKDF2 Hashing?

PBKDF2 (RFC 8018) is a password-based key derivation function that uses a salt and thousands of HMAC iterations to slow brute-force and rainbow-table attacks.

Glossary > Cryptography & PKI > PBKDF2 Hashing

PBKDF2 Hashing — PBKDF2 (RFC 8018) is a password-based key derivation function that uses a salt and thousands of HMAC

Understanding PBKDF2 Hashing

PBKDF2 (Password-Based Key Derivation Function 2) is a cryptographic algorithm that derives a strong key from a password by applying a pseudorandom function thousands of times with a random salt. Standardized in RFC 8018 (PKCS #5 v2.1) and recommended by NIST SP 800-132, it is widely used to hash passwords for storage and to derive encryption keys from passphrases.

PBKDF2 takes four inputs: the password, a unique random salt, an iteration count, and a desired output length. It repeatedly runs an underlying PRF, typically HMAC-SHA-256 or HMAC-SHA-512, feeding each round's output into the next. This deliberate key stretching makes each password guess computationally expensive. The salt ensures identical passwords produce different hashes and defeats precomputed rainbow tables, while a high iteration count (modern guidance recommends hundreds of thousands of iterations) scales the cost upward as hardware improves.

For security, PBKDF2 protects stored credentials so that even if an attacker steals the password database, recovering the original passwords through brute force or dictionary attacks becomes slow and costly. Its main weakness is that it is not memory-hard, so attackers with GPUs, FPGAs, or ASICs can parallelize guessing efficiently. For this reason newer applications often prefer memory-hard functions like Argon2, scrypt, or bcrypt, though PBKDF2 remains acceptable and is required in many FIPS-validated and regulated environments because it is FIPS-approved.

For example, when a user creates an account, the server generates a 16-byte random salt and computes PBKDF2-HMAC-SHA256 over the password with 600,000 iterations, then stores the salt, iteration count, and resulting hash. At login it repeats the computation on the entered password and compares hashes. If the database is later breached, an attacker must spend enormous compute per guess per user, buying defenders time to force password resets. PBKDF2 also derives the encryption key in tools like WPA2 and many disk-encryption and password-manager products.

Learn More About PBKDF2 Hashing:

Ready to Get Certified?

PBKDF2 Hashing is one of the topics you'll master in the Security+ Boot Camp.

Security+ Boot Camp →