Glossary

Key Derivation Function (KDF)

A KDF derives keys from a secret such as a password, and is often made deliberately slow or memory-hard to resist brute force. Examples: PBKDF2, scrypt, and Argon2.

A Key Derivation Function (KDF) turns a secret — typically a password or a shared key — into one or more cryptographic keys, or into a hash suitable for storing a password. KDFs do two related jobs:

  • Password hashing / stretching: make each guess expensive so brute force is impractical.
  • Key derivation: expand a password or master secret into fixed-length keys for encryption.

What sets a password KDF apart from a plain hash is a tunable work factor and, in modern designs, memory hardness — using lots of RAM to neutralize GPU and ASIC attackers.

Common KDFs, roughly in order of preference today:

  • Argon2 — memory-hard, the recommended default.
  • scrypt — memory-hard.
  • PBKDF2 — iterated HMAC; simple and FIPS-approved but GPU-friendly.

For guidance, see password hashing done right, or try these in the generator.