PBKDF2 & HKDF Key Derivation

Derive a key from a password or secret with PBKDF2 or HKDF, choosing the salt, iteration count or info label, hash, and output length, and read it back as hex or base64, entirely in your browser.

Stretch a password into a PBKDF2 key, or expand a high-entropy secret into named subkeys with HKDF, without anything leaving your machine. Pick the hash, set the salt and iteration count (PBKDF2) or info label (HKDF), choose how many bits of output you need, and copy the derived key as hex or base64. Every byte is computed locally with the native Web Crypto API (crypto.subtle.deriveBits), so your password and secret never touch a server.

What is PBKDF2 & HKDF Key Derivation?

PBKDF2 & HKDF Key Derivation is a free in-browser tool that runs the two key derivation functions developers reach for most. PBKDF2 (Password-Based Key Derivation Function 2) deliberately slows down brute force by repeating an HMAC many thousands of times, turning a human password plus a salt into a fixed-length key. HKDF (HMAC-based Key Derivation Function) takes a secret that already has enough entropy and expands it into one or more context-bound subkeys using an info label, which is ideal for deriving separate encryption and authentication keys from a single master secret. Backend engineers, security reviewers, and anyone building login or encryption code use it to test vectors, reproduce a server's derivation, or generate keys for a one-off task. Use the PBKDF2/HKDF toggle to switch algorithm, choose SHA-256, SHA-384, SHA-512, or SHA-1, set the output length in bits, and read the result as hex or base64.

How to use PBKDF2 & HKDF Key Derivation

  1. Pick PBKDF2 or HKDF with the toggle at the top, matching the function your code or test vector uses.
  2. Type or paste your password (PBKDF2) or high-entropy secret (HKDF) into the Secret field, then enter a salt.
  3. For PBKDF2 set the iteration count; for HKDF set the optional info label that binds the key to a context.
  4. Choose the hash (SHA-256, SHA-384, SHA-512, or SHA-1) and the output length in bits.
  5. Switch the hex / base64 toggle to the encoding you need and copy the derived key with the copy button.

Examples

PBKDF2 — 256-bit key from a password

Input

Secret: correct horse battery staple
Salt: a1b2c3d4
Hash: SHA-256, Iterations: 100000, Bits: 256

Output

a 64-character hex string (32 bytes) that is reproducible for the same password, salt, hash, and iteration count

HKDF — context-bound subkey from a master secret

Input

Secret: 9f8e7d6c…(master key)
Salt: session-2024
Info: aes-gcm-encryption
Hash: SHA-256, Bits: 256

Output

a different 256-bit key than the same secret with Info: hmac-authentication, so one master produces independent subkeys

Shorter output as base64

Input

Bits: 128, encoding switched to base64

Output

a 24-character base64 string encoding the first 16 derived bytes

Frequently asked questions

Does my password or secret get sent anywhere?
No. The Secret, salt, and info stay in your browser. The key is derived locally with the Web Crypto API (crypto.subtle.deriveBits), and nothing is uploaded to or stored on any server, so the tool works offline and your inputs never leave the page.
When should I use PBKDF2 versus HKDF?
Use PBKDF2 to derive a key from a low-entropy human password — its iteration count slows brute force. Use HKDF when you already have a high-entropy secret (a master key or shared secret) and want to expand it into one or more separate subkeys via the info label. HKDF is fast and is not a substitute for PBKDF2's password stretching.
Why is my output length rounded?
Web Crypto's deriveBits works in whole bytes, so the output length in bits is rounded to the nearest multiple of 8. The stat below the result shows the actual bits and bytes that were produced.
Which hashes and algorithms are supported?
Both algorithms run on SHA-256, SHA-384, SHA-512, or SHA-1, the hashes the browser's Web Crypto exposes for PBKDF2 and HKDF. Scrypt, Argon2, and bcrypt are not provided because browsers do not implement them natively.
Will the same inputs always give the same key?
Yes. Key derivation is deterministic: the same algorithm, secret, salt, hash, output length, and iteration count (PBKDF2) or info (HKDF) always produce the same bytes, which is why you can use this to reproduce or verify a key your server derived.
