What is PBKDF2?
PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation algorithm defined in RFC 8018 that applies a pseudorandom function — typically HMAC-SHA-256 — iteratively to a password and salt to produce a derived key that is computationally expensive to brute-force.
PBKDF2 works by repeatedly applying a hash-based message authentication code (HMAC) to the combination of a password and a random salt value. The iteration count controls how many times this operation is performed — more iterations mean more CPU time per key derivation attempt, directly increasing the cost for an attacker trying to guess the password.
The salt is a random value unique to each key derivation operation. It prevents precomputed lookup attacks (rainbow tables) by ensuring that the same password produces different derived keys when different salts are used. The salt does not need to be secret — it is typically stored alongside the derived key or ciphertext.
PBKDF2 was standardized in 2000 and remains widely supported, particularly in browsers through the Web Crypto API. While newer KDFs like Argon2 offer stronger resistance to GPU and ASIC attacks by requiring large amounts of memory, PBKDF2 remains a solid choice for browser-based applications where Web Crypto API compatibility is essential and iteration counts can be set high enough to provide adequate security.
How Vaulted uses PBKDF2
Vaulted uses PBKDF2 through the Web Crypto API when a passphrase is added to a secret. The implementation uses 100,000 iterations with HMAC-SHA-256 and a random 16-byte salt. The derived 256-bit key is used as an AES-KW wrapping key to encrypt the main AES-256-GCM key. The salt is included in the URL fragment alongside the wrapped key so the recipient can re-derive the same wrapping key from the passphrase.