Key Derivation Functions
Functions for deriving cryptographic keys from passwords, shared secrets, or other key material.
Available Key Derivation Functions
Argon2
Memory-hard password hashing function, winner of the Password Hashing Competition.
- Variants: Argon2d, Argon2i, Argon2id
- Security: Memory-hard; side-channel resistance depends on the variant (Argon2i and Argon2id use data-independent memory access, Argon2d does not)
- Use Cases: Password hashing, key derivation from passwords
PBKDF2
Password-Based Key Derivation Function 2, widely standardized and supported.
- Hash Functions: SHA-1, SHA-256, SHA-512
- Security: Iteration-based stretching
- Use Cases: Legacy systems, standards compliance
HKDF
HMAC-based Key Derivation Function for expanding keys from high-entropy sources.
- Phases: Extract-then-Expand
- Security: PRF-based, context separation
- Use Cases: Protocol key derivation, key expansion
BLAKE3 KDF
High-performance key derivation using the BLAKE3 hash function.
- Performance: Fastest of the KDFs listed here
- Output: Arbitrary length (extendable output)
- Use Cases: High-speed applications, large key generation
Function Comparison
| Function | Input Type | Memory Usage | Iterations | Parallelizable |
|---|---|---|---|---|
| Argon2 | Password | High (configurable) | Time cost | Yes |
| PBKDF2 | Password | Low | High count | No |
| HKDF | High-entropy key | Low | None | No |
| BLAKE3 KDF | High-entropy key | Low | None | Yes |
Selection Guide
For Password Hashing
- Recommended: Argon2id
- Legacy compatibility: PBKDF2-SHA256
- High-security: Argon2d (only where side-channel attacks on memory access are not a concern)
For Key Expansion
- High-entropy input: HKDF or BLAKE3 KDF
- High-performance needs: BLAKE3 KDF
- Protocol design: HKDF with domain separation
- Multiple keys: HKDF expand phase or BLAKE3 KDF
- Large key amounts: BLAKE3 KDF
For Different Scenarios
- New applications: Argon2id (passwords), BLAKE3 KDF (keys)
- Mobile/embedded: PBKDF2 (lower memory)
- Server applications: Argon2id with high memory cost
- High-performance protocols: BLAKE3 KDF
- Standards-compliant protocols: HKDF
Security Parameters
Argon2 Recommendations
- Memory: 64 MB minimum (more if possible)
- Time: 3-4 iterations minimum
- Parallelism: Number of CPU cores
- Output: 32 bytes minimum
PBKDF2 Recommendations
- Iterations: 100,000+ (adjust for performance)
- Salt: 16 bytes minimum, random
- Hash: SHA-256 or SHA-512
- Output: 32 bytes minimum
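The following is an added example, not code from this library, showing the PBKDF2 recommendations above applied with the Python standard library: a random 16-byte salt, 100,000+ iterations of HMAC-SHA256, a 32-byte output, constant-time verification, a check for records that fall below the current iteration policy, and a calibration helper for the "adjust for performance" advice. The `pbkdf2_sha256$iterations$salt$key` record format is an assumption of this example, not a standard.

```python
import hashlib
import hmac
import os
import time

# Parameters from the page's PBKDF2 recommendations.
HASH_NAME = "sha256"
MIN_ITERATIONS = 100_000
SALT_BYTES = 16
DK_LEN = 32
# Record layout is an assumption of this example, not a standard:
# pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>
SCHEME = "pbkdf2_sha256"


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """Raw PBKDF2-HMAC-SHA256 (RFC 8018) from the standard library."""
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    return hashlib.pbkdf2_hmac(HASH_NAME, password, salt, iterations, dklen)


def hash_password(password: str, iterations: int = MIN_ITERATIONS) -> str:
    """Generate a fresh random salt and return a self-describing record."""
    salt = os.urandom(SALT_BYTES)  # random, 16 bytes, unique per record
    dk = pbkdf2_sha256(password.encode("utf-8"), salt, iterations, DK_LEN)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def _parse(record: str):
    """Split a record into (iterations, salt, derived key)."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != SCHEME:
        raise ValueError(f"unsupported scheme {scheme!r}")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    iterations, salt, expected = _parse(record)
    candidate = pbkdf2_sha256(password.encode("utf-8"), salt, iterations, len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, policy_iterations: int = MIN_ITERATIONS) -> bool:
    """True when the stored record used fewer iterations than current policy."""
    iterations, _, _ = _parse(record)
    return iterations < policy_iterations


def calibrate_iterations(target_seconds: float = 0.25) -> int:
    """Scale the iteration count so one derivation takes roughly target_seconds
    on this machine, never dropping below the recommended minimum."""
    probe = 100_000
    start = time.perf_counter()
    pbkdf2_sha256(b"calibration", b"\x00" * SALT_BYTES, probe, DK_LEN)
    elapsed = time.perf_counter() - start
    scaled = int(probe * target_seconds / max(elapsed, 1e-6))
    return max(MIN_ITERATIONS, scaled)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify:", verify_password("correct horse battery staple", record))
    print("calibrated iterations for this host:", calibrate_iterations())
```

Because the iteration count travels with the record, `needs_rehash` lets a service raise the policy over time and upgrade old records transparently on the user's next successful login.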
HKDF Usage
- Salt: Random, unique per derivation
- Info: Context-specific information
- Length: As needed by application
- Hash: SHA-256 or SHA-512
Implementation Notes
- All functions use constant-time operations where applicable
- Proper salt generation and storage are critical
- Memory clearing after use prevents key recovery
- Parameter selection should balance security and performance