KDFs & Password Hashing
- Hashes vs KDFs vs password hashing
- Salts and peppers
- HKDF extract/expand
- PBKDF2 iterations
- Memory-hard KDFs
- Parameter storage and upgrades
1 / 9
Threat model
- Assume database theft
- Offline guessing is the main risk
- Defend with cost per guess
2 / 9
Salt vs pepper
- Salt: random, public, per password
- Pepper: secret, stored separately
- Both improve defense differently
3 / 9
HKDF
- Extract: PRK = HMAC(salt, IKM)
- Expand: OKM = HMAC(PRK, T(i-1) || info || i)
- Used for protocol keys
4 / 9
PBKDF2
- Iterative HMAC
- Slows guessing
- CPU-hard, not memory-hard
5 / 9
Memory-hard KDFs
- scrypt, Argon2
- Force large memory usage
- Better against GPUs
6 / 9
Parameter management
- Store algorithm + params + salt
- Increase cost over time
- Rehash on login when outdated
7 / 9
Constant-time compare
- Avoid timing leaks
- Always compare full hashes
8 / 9
What you will build
- HMAC-SHA256
- HKDF-SHA256
- PBKDF2-SHA256
- Password hash verification
9 / 9
Use arrow keys or click edges to navigate. Press H to toggle help, F for fullscreen.