PBKDF2 Hash Generator — Key Derivation Function
Quick Answer: PBKDF2 (Password-Based Key Derivation Function 2) applies a pseudorandom function (typically HMAC-SHA256) to a password with a salt over many iterations. Use at least 600,000 iterations with HMAC-SHA256 as recommended by OWASP in 2026.
FAQ
How many PBKDF2 iterations should I use?
OWASP recommends 600,000 iterations with HMAC-SHA256 (or 210,000 with HMAC-SHA512) as of 2024. Increase annually as hardware improves.
Is PBKDF2 better than bcrypt?
Both are acceptable. Bcrypt has built-in memory hardness making it more GPU-resistant. PBKDF2 is FIPS-compliant and available in every platform via Web Crypto API.