Key Derivation & Password Hashing
Functions for deriving keys from passwords and other secrets.
Password Hashing
Argon2 ⭐ Recommended
Memory-hard password hashing function
- Three variants: Argon2d, Argon2i, Argon2id
- Winner of the Password Hashing Competition
- Specified in RFC 9106
- GPU/ASIC resistant
Use Argon2 for:
- User password authentication
- Cryptocurrency wallet encryption
- Disk encryption key derivation
scrypt
Memory-hard password hashing (RFC 7914)
- Alternative to Argon2
- Used in Tarsnap, some cryptocurrencies
- Good but less configurable than Argon2
Key Derivation Functions
HKDF
HMAC-based key derivation
- For deriving keys from shared secrets
- Not for passwords (use Argon2)
PBKDF2
Password-Based Key Derivation Function 2
- RFC 2898 / FIPS compliant
- For legacy systems and FIPS requirements
- Use Argon2 for new applications
Quick Comparison
| Function | Password Hashing | Key Derivation | Memory-Hard | Recommended |
|---|---|---|---|---|
| Argon2 | ✅ Best | ❌ No | ✅ Yes | ⭐ |
| HKDF | ❌ No | ✅ Yes | ❌ No | For secrets |
| PBKDF2 | ⚠️ Legacy | ⚠️ Legacy | ❌ No | FIPS only |
| bcrypt | ✅ Acceptable | ❌ No | ⚠️ Moderate | Legacy |
| scrypt | ✅ Good | ⚠️ Maybe | ✅ Yes | Alternative |
See Also
- Password Hashing Guide - Best practices
- Security Concepts - Understanding cryptography
- Algorithm Reference - All supported algorithms