You have probably read about PBKDF2 if you have read any article discussing the LastPass hack or reviewing the security of a password manager. For non-technical readers, I wanted to write a quick explanation.

PBKDF2 (Password-Based Key Derivation Function 2) is a widely used method of protecting passwords.

A key derivation function such as PBKDF2 is designed to make it more difficult for an attacker to crack a password, even if they possess the hashed password value. This is accomplished by adding a "work factor," or iteration count, to the password hashing process. Iteration count refers to the number of times the hashing function is applied to the password, making cracking the password much more computationally costly.

PBKDF2 is widely used in a variety of applications, including online services, financial systems, and mobile devices.

With PBKDF2, the user's password is concatenated with a salt and the iteration count, and the result is then hashed using a cryptographic hash function such as SHA-256. The salt, the number of iterations, and the resulting hash value are then stored in a database. Upon logging in, the system uses the same salt, iteration count, and hash function to compare the entered password with the stored hash. The user is granted access if the values match.

It is important to use a strong and unique password and keep the salt and hashed values secure. Even though PBKDF2 is considered a strong method, more advanced key derivation functions such as bcrypt and scrypt are now available and recommended where more stringent security is required.

Keywords: PBKDF2 (Password-Based Key Derivation Function 2), Password protection, Key derivation function, Hashed password, Iteration count, Cryptographic hash function, SHA-256, Password storage, NIST guidelines, Security, Encryption, bcrypt, script, Work factor, Data privacy, Information security