PBKDF2

PBKDF2 (Password -Based Key Derivation Function 2 ) is a function to derive a password from a key that can be used in a symmetrical method. PBKDF2 is part of the Public -Key Cryptography Standards of RSA Laboratories ( PKCS # 5) and was also published by the Internet Engineering Task Force.

The derivation

On the password is a pseudo-random function, such as a cryptographic hash function or HMAC, applied together with a salt value. The function is then repeatedly applied to the result. This chain makes it difficult by brute- force method from the key close to the original password. By using Salt, the use of rainbow tables is also very difficult. By increasing the number of passes and the function of the increasing performance of computers can be adjusted.

Applications of PBKDF2

• Wi- Fi Protected Access (WPA and WPA2)
• LastPass as PasswordHash
• EncFS (Linux, FreeBSD and Mac OS X ) version 1.5.0
• WinZip AES encryption
• TrueCrypt (Windows, Linux and Mac OS X)
• GRUB2 (boot loader )
• LUKS

Criticism and alternatives

PBKDF2 is considered to be vulnerable to attacks with special hardware such as graphics processors, field-programmable gate arrays and application-specific integrated circuits. Due to the low memory requirements, the function can inexpensively implemented in dedicated hardware, and so dictionary attacks or brute force methods are executed in parallel. This attack surface is considered, although due to the moderate memory requirements less dramatic, also for bcrypt. A key derivation function to protect against attacks with special hardware, is the Scrypt function, which was published as an Internet Draft.