Password Based Key Derivation Function

The following example of PBKDF1 using HMAC SHA256, iterate 1000 times, and output length 32 bytes.

ghci> import Crypto.KDF.PBKDF2
ghci> generate (prfHMAC SHA256 :: PRF ByteString) (Parameters {iterCounts = 1000, outputLength = 32}) ("password":: ByteString) ("salt"::ByteString) :: ByteString

The output is 32 bytes length pseudo random bytestring, we can output hex format with base16 encoding

ghci> convertToBase Base16 $ (generate (prfHMAC SHA256 :: PRF ByteString) (Parameters {iterCounts = 1000, outputLength = 32}) ("password":: ByteString) ("salt"::ByteString) :: ByteString) :: ByteString

It is secure to store parameters( salt, iterations count, output length), together with the output bytes in database, in senario such as login, a server can run the same function again with the salt, iterations and length from the record, and compare the output bytes with the one stored in the database.

Since PBKDF2 hash each password with HMAC and a random salt many iterations, it is resistanct to dictionary attacks2.

PBKDF2 is a common KDF but it is consider less secure than modern KDF such as Scrypt, Argon2.