Code360 powered by Coding Ninjas X Code360 powered by Coding Ninjas X
Table of contents
Key Derivation Functions
What are they?
Pseudo-Random Function
Hash-based message authentication codes (HMACs)
Use of HMAC functions in PBKDF2
How does KDF strengthen our security?
Attempting to crack the enhanced password
Attempting to crack the original password
A completely insecure system
Frequently Asked Questions
How are keys derived?
Is key derivation secure?
What key derivation is used for passwords and the protection of password hashes?
Last Updated: Mar 27, 2024

Key Derivation Functions

Author Sanjana Yadav
0 upvote
Master Python: Predicting weather forecasts
Ashwin Goyal
Product Manager @


Hello Reader!!

Key is a crucial parameter used with cryptographic algorithms. To generate these keys, we need some key derivation functions. Today, we will learn about these functions, their uses, and their working with examples to understand them better. We will also see how they help in increasing our security.

Key derivation functions

So, let’s get started!

Key Derivation Functions

A key derivation function (KDF) is a cryptographic procedure that uses a pseudorandom function to generate one or more secret keys from a secret value, such as a master key, password, or passphrase.

What are they?

Passwords are commonly used in cryptography instead of binary keys since they are easier to remember, write down, and can be shorter.

When a certain algorithm requires a key (for example, for encryption or digital signature), a key derivation function (password -> key) is required.

A key derivation function (KDF) takes an input, passes it through a particular function, and then outputs secure keying material. The input might be a password or other risky keying material.

The most common type of KDFs are hash-based key derivation functions.

KDFs overlap with Hash functions. Some properties of the Hash function are

  • It deterministically scrambles data (The same input gives the same output).
  • A hash function's output is always the same size regardless of the input.
  • It is unable to get the input from the output (one-way function).
Hash and KDF

All hash-based KDFs are secure hash functions, but not all hash functions are hashed-based KDFs.

KDFs, in addition to having the properties of a hash function, can be used for the following purposes:

  • Key Stretching - A key with low entropy is taken and stretched into a longer key which is more secure.  
  • Key Separation - KDFs enable the creation of child keys from a master key. This is useful in applications such as Bitcoin, where child keys can control different parts of a wallet. 
  • Key Strengthening - Strengthening adds a random salt to a key but then deletes the salt so it can't be used again.


Key derivation functions can perform a variety of tasks, including

  • Passwords and other weak sources of keying material are converted into strong keys. This is referred to as key stretching.
  • Creating a large number of keys from a single source of keying data. This allows us to employ different keys for different aspects of a cryptosystem.
  • Passwords should be stored securely to keep hackers out.


There are other password-based key derivation methods. However, we will learn how they work by discussing Password-Based Key Derivation Functions (PBKDF2).

PBKDF2 is an abbreviation for Password-Based Key Derivation Function 2. PBKDF2 was released in 2000 as part of RSA Laboratories' series on public-key cryptography.

One of the goals of a password-based key derivation function is to convert a password, a low-entropy secret, into a key of suitable length and sufficient randomness from a uniform distribution.

PBKDF2 does this using:

  • A password- This is the user's password, which needs to be converted into a strong key. The password must be kept private.
  • A salt-  A salt is simply an extra random data input that the KDF processes with the password. Salts are not required to be secret and are kept with password hashes.
  • An iteration count- The iteration count specifies how many times the values will be sent through the function.
  • The derived key length - The generated key length is the length that the implementer desires for the output.

According to the setting for iteration count, PBKDF2 passes the password and salt through a pseudo-random function a specified number of times. The resulting strong key has the length indicated in the derived key length input. This key is then used to protect different components of a cryptosystem.

Let us now discuss some more components of PBKDF2 in detail:

Pseudo-Random Function

A pseudo-random function is one that accepts a secret random seed and a data variable as inputs. It produces a result that is computationally identical to a really random output.

As its PRF, PBKDF2 employs hash-based message authentication code (HMAC) functions. HMACs were initially intended for message authentication. However, they are easily adaptable to the job of PRFs.

Hash-based message authentication codes (HMACs)

Hash-based message authentication code (HMAC) functions are based on cryptographic hash functions like:

  • The SHA-2 family 
  • The SHA-3 family

HMAC functions use a key as the random seed and the message text as data variable. They generate a message authentication code (MAC), which, as the name suggests, is used to authenticate communications.

The original key is converted into a block-sized key, which is then utilized twice as input into the HMAC. The first time, it is added to the message's inner padding and concatenated (that is, one value is appended to the other, making a long string made of one value after the other). This string is then hashed, yielding the first output.

The key is then appended to the outer padding and concatenated with the previous operation's output. This text is subsequently hashed, yielding the message authentication code as the final output (MAC).

Use of HMAC functions in PBKDF2

A typical HMAC runs in a loop. After concatenating the key with one kind of padding with the content, this string is hashed:

H(K inpad ‖ message)


HMAC: resultant hash-based message authentication code.

H: Hash function. In HMAC-SHA-256, this will be SHA-256.

K: Block-sized version of the initial key.

: XOR operation.

outpad: The outer padding.

‖: concatenation.

Inpad: The inner padding.

message: The message text.

An HMAC operation would typically end there, leaving us with a message authentication code that we might use to verify the message's authenticity.

What if, instead, we just continued in this loop?

H(K ‖ message)


H(K ‖ Output one)


H(K ‖ Output two)


H(K ‖ Output four)


H(K ‖ Output five)

And so on…

This is precisely how PBKDF2 uses the HMACs. The iteration count enters the picture at this point. It details how many times we must repeat this process. For safe password hashing, OWASP presently advises using HMAC-SHA-256 with a 310,000 iteration count. This implies that 310,000 times in this loop, the outputs must be hashed again.

This is done to restrict hackers' attempts to crack passwords.

In PBKDF2, the message serves as the salt, while the user's password serves as the seed.

How does KDF strengthen our security?

We previously discussed how one of the primary applications of KDFs is to transform passwords and other weak keying sources into reliable keys. But how does key stretching increase the security of our systems? What part do PBKDF2 and other important derivation functions play in it?

Let's contrast a system that doesn't use KDF to a system that does to show how password-based key derivation functions may strengthen cryptosystems.

We have a user, Alice, in both situations who uses the same poor password, Rabbits192. Rabbits192 is undoubtedly a poor password, but it's not, particularly so. Unless they are compelled not to, many people will use passwords that are this basic. According to our password tester, using a machine to break this would take roughly two weeks.

In the absence of PBKDF2, an attacker would most likely employ a dictionary attack to iterate over the most probable password combinations until they reached Rabbits192. They would probably be able to break the password after executing the attack for two weeks and take complete control of Alice's account.

Let's try the same process using a system that uses PBKDF2 and HMAC-SHA-256 to amplify the password into a more robust key. In this system, Alice enters her password, Rabbits192, and the system hashes it many times. After that, a 256-bit hash is produced.

This time, if a hacker wants to enter the system, they have two choices:

Attempting to crack the enhanced password

The attackers might try to guess the new, stronger password. However, because of the uniform distribution and randomness of this new password, dictionary attacks would be ineffective. The hacker would be forced to use brute force instead, trying every possible character combination until they found the key. It would take them a very long time to do this because it is 256 bits long.

According to our tool for evaluating password strength, it would take 3,760 septuagintillion years to break the password. This is a very long time after the universe's heat death. Therefore, the hacker will not be able to hack the password.

Attempting to crack the original password

The alternative for the attacker is to attempt to break the first password. However, now that PBKDF2 has been used, it is not possible to do so.

A completely insecure system

When someone enters a password attempt, a very unsafe password system would immediately check its database to determine if the password it has on file matches the attempt. This would occur almost instantly.

Also read, Blockchain

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job

Frequently Asked Questions

How are keys derived?

A derived key is one that can be generated using a well-defined algorithm, sometimes known as a key derivation function, from input that includes both public and private data.

Is key derivation secure?

Using a secure "key derivation function" (KDF), which produces a "derived key," is the most secure approach for calculating a key. Derived keys provide a number of important practical advantages but are just as safe as random keys.

What key derivation is used for passwords and the protection of password hashes?

A particular Key Derivation Function is PBKDF2, which is described in RFC 2898 is used for passwords and to protect hashes.


In this article, we learned about the Key Derivation Functions.

We saw these functions, their uses, and their working with examples to understand them better. We also saw how they help in increasing our security.

We hope this article has clarified your understanding of the Key Derivation Functions. You can refer to our blogs to understand more about cryptographic concepts.


You can also visit our website to read more such blogs. Make sure you enroll in our courses, take mock tests, solve problems, and interview puzzles. Also, you can prepare for interviews with interview experiences and an interview bundle.

Keep learning and keep growing, Ninjas!

Thank you

Previous article
Session Attacks and Hijacking in Cryptography
Next article
MTI Key Agreement Schemes
Live masterclass