Crypto Tools

Active tool: Cryptographic Tools

Selected option: Key Derivation (Password Hashing)

What It Does

Derives cryptographic keys from passwords using PBKDF2, Argon2id, or scrypt.

How to Use It

Enter a password.
Provide a salt (or generate a random one).
Select the algorithm (PBKDF2, Argon2id, scrypt).
Adjust parameters (iterations, memory, parallelism) as needed.
Click “Derive” to compute the key.

Options Explained

Option	Description
Algorithm	PBKDF2 (widely supported), Argon2id (recommended), or scrypt
Salt	Random bytes mixed with the password to prevent precomputation attacks
Iterations / Cost	How many rounds the algorithm runs — higher values are slower but more secure
Memory (Argon2/scrypt)	Memory consumed during derivation — higher values resist GPU attacks
Parallelism	Number of parallel threads (Argon2)
Output length	Desired key length in bytes
Output encoding	Hex or Base64 format for the derived key

Tip: For password storage, prefer Argon2id with ≥ 64 MB memory and ≥ 3 iterations. PBKDF2 with ≥ 600,000 iterations is the minimum recommended by OWASP (2023).

Algorithm

PasswordShow password

Use a strong passphrase for better security. The password never leaves your browser.

Salt

Salt length

Choose 16, 24, 32, 48, or 64 bytes; longer salts increase uniqueness but also command length.

Salt format

Recommended salt length: 16–32 bytes. The tool flags anything shorter than 8 bytes.

Iterations

Aim for at least 100,000 iterations. Higher values increase runtime but improve resistance to brute-force attacks.

Digest

Key length (bytes)

32 bytes works well for AES-256 or HMAC-SHA-256. Use 16 bytes for AES-128 sized keys; advanced use cases can stretch to 256 bytes.

Output encoding

Derived key

Linux command

About Key Derivation Functions

Key Derivation Functions (KDFs) transform a low-entropy input — such as a human-chosen password — into a high-entropy cryptographic key suitable for encryption or authentication. They achieve this through key stretching: deliberately slowing down computation with many iterations, large memory requirements, or both, making brute-force and dictionary attacks impractical.

This tool supports three modern KDFs. PBKDF2 (Password-Based Key Derivation Function 2) applies a pseudorandom function thousands of times and is widely supported, including in the Web Crypto API. Argon2id is the winner of the Password Hashing Competition, combining memory-hard and time-hard properties to resist GPU and ASIC attacks. Scrypt is memory-hard and remains a strong choice where Argon2 is unavailable.

A random salt must accompany every derivation to prevent rainbow-table attacks and ensure identical passwords produce different keys. The output length, iteration count, and memory parameters should be tuned to balance security with acceptable latency.

Common Use Cases

Hashing passwords securely for storage in authentication databases
Deriving encryption keys from user-provided passphrases
Generating deterministic keys for password-based file encryption
Protecting master secrets in password managers and key vaults
Strengthening weak secrets before use in HMAC or token generation
Server-side credential verification without storing plaintext passwords

What Is a Key Derivation Function?

A key derivation function (KDF) is a cryptographic algorithm that transforms a low-entropy input (such as a user password) into a high-entropy cryptographic key suitable for encryption or authentication. KDFs deliberately introduce computational cost — measured in iterations, memory usage, or parallelism — to make brute-force and dictionary attacks impractically expensive. PBKDF2 (RFC 8018) applies a pseudorandom function thousands of times; bcrypt uses an adaptive cost factor based on the Blowfish cipher; scrypt adds memory-hardness to resist GPU attacks; and Argon2 (winner of the 2015 Password Hashing Competition) offers tunable time, memory, and parallelism parameters for the strongest protection available today.

Frequently Asked Questions

Which KDF should I use for password hashing?

Argon2id is the current recommended choice. If your platform does not support Argon2, bcrypt or scrypt are strong alternatives. PBKDF2 is acceptable when the iteration count is set high enough (at least 600,000 for SHA-256).

What is a salt and why does it matter?

A salt is a random value mixed into the input before hashing. It ensures that two users with the same password produce different hashes, defeating precomputed rainbow-table attacks. Always use a unique, random salt for every password.

How many iterations should I use for PBKDF2?

OWASP recommends at least 600,000 iterations with SHA-256 (as of 2023). Higher is better, but balance with acceptable login latency for your users. Test on your target hardware and adjust.

Is my password sent to a server?

No. All key derivation runs locally in your browser. Your password and derived key are never transmitted or stored.

All key derivation is performed locally in your browser. Passwords and derived keys are never transmitted to any server.