PBKDF2

Iterated HMAC. Password + salt + iteration count → derived key. Old standard. Weak: no memory-hardness (GPU-friendly).

Advertisement

HKDF

Extract-then-expand. Extract: HMAC input into pseudorandom key. Expand: derive multiple keys of specific purpose. TLS 1.3 uses.

Advertisement

Argon2 vs PBKDF2 for passwords

Argon2id preferred for new. PBKDF2 still acceptable with 600k+ iterations (OWASP 2023).

scrypt

Between PBKDF2 and Argon2. Memory-hard. Still valid. Litecoin proof-of-work is scrypt variant.