PBKDF2

Password Based Key Derivation Function

The following example of PBKDF¹ using HMAC SHA256, iterate 1000 times, and output length 32 bytes.

ghci> import Crypto.KDF.PBKDF2
ghci> generate (prfHMAC SHA256 :: PRF ByteString) (Parameters {iterCounts = 1000, outputLength = 32}) ("password":: ByteString) ("salt"::ByteString) :: ByteString
"c,(\DC2\228mF\EOT\DLE+\167a\142\157m}/\129(\246&kJ\ETX&M*\EOT`\183\220\179"

The output is 32 bytes length pseudo random bytestring, we can output hex format with base16 encoding

ghci> convertToBase Base16 $ (generate (prfHMAC SHA256 :: PRF ByteString) (Parameters {iterCounts = 1000, outputLength = 32}) ("password":: ByteString) ("salt"::ByteString) :: ByteString) :: ByteString
"632c2812e46d4604102ba7618e9d6d7d2f8128f6266b4a03264d2a0460b7dcb3"

It is secure to store parameters( salt, iterations count, output length), together with the output bytes in database, in senario such as login, a server can run the same function again with the salt, iterations and length from the record, and compare the output bytes with the one stored in the database.

Since PBKDF2 hash each password with HMAC and a random salt many iterations, it is resistanct to dictionary attacks².

PBKDF2 is a common KDF but it is consider less secure than modern KDF such as Scrypt, Argon2.