Password-based Key Derivation Function 2

Last modified Jun 19, 2022

The PBKDF2 (Password-Based Key Derivation Function 2) SHA-256 algorithm is used to generate encryption keys from a user’s Master Password. Before it is sent to the Locker servers, the Master Password is hashed with PBKDF2 locally on the user’s device, using a salt derived from the user’s email address. When the Locker servers receive this hashed Master Password, it is hashed again with a secure random salt (generated by a Cryptographically Secure Pseudorandom Number Generator), and the result is stored in the Locker database.

The default number of PBKDF2 iterations is 100,001 on the user’s device, followed by an additional 216,000 on Locker’s servers (a total of 316,001 iterations by default).
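The two-stage scheme described above, written out as an added example (it is not Locker’s own code): the client derives a key from the Master Password with the email address as salt, and the server hashes that client key once more under a fresh CSPRNG salt before storing it. The iteration counts and 32-byte key length are taken from the text; the 16-byte server salt length, the function names and the absence of any email normalisation are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Iteration counts stated on the page; key length is an assumption.
CLIENT_ITERATIONS = 100_001
SERVER_ITERATIONS = 216_000
KEY_LEN = 32
SERVER_SALT_LEN = 16  # assumed; the page only says "secure random value"


def total_iterations() -> int:
    """Total PBKDF2 work an attacker must repeat per guess of the Master Password."""
    return CLIENT_ITERATIONS + SERVER_ITERATIONS


def client_derive_key(master_password: str, email: str) -> bytes:
    """Runs on the user's device: the email address is the first salt.

    Only this derived key (never the Master Password) leaves the device.
    Email normalisation (case, whitespace) is not described on the page, so
    the address is used exactly as given; a real client must be consistent
    about this or logins will fail on a differently-cased address.
    """
    return hashlib.pbkdf2_hmac(
        "sha256",
        master_password.encode("utf-8"),
        email.encode("utf-8"),
        CLIENT_ITERATIONS,
        dklen=KEY_LEN,
    )


def server_store(client_key: bytes) -> tuple[bytes, bytes]:
    """Runs on the server at registration: re-hash under a random per-user salt.

    Returns (salt, verifier); both are stored, the client key itself is not.
    """
    salt = secrets.token_bytes(SERVER_SALT_LEN)  # CSPRNG-backed
    verifier = hashlib.pbkdf2_hmac(
        "sha256", client_key, salt, SERVER_ITERATIONS, dklen=KEY_LEN
    )
    return salt, verifier


def server_verify(client_key: bytes, salt: bytes, verifier: bytes) -> bool:
    """Runs on the server at login: recompute and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", client_key, salt, SERVER_ITERATIONS, dklen=KEY_LEN
    )
    return hmac.compare_digest(candidate, verifier)


if __name__ == "__main__":
    # Constructed sample credentials, not real data.
    key = client_derive_key("correct horse battery staple", "alice@example.com")
    salt, verifier = server_store(key)
    print("client key:", key.hex())
    print("server salt:", salt.hex(), "verifier:", verifier.hex())
    print("login ok:", server_verify(key, salt, verifier))
    wrong = client_derive_key("wrong password", "alice@example.com")
    print("wrong password accepted:", server_verify(wrong, salt, verifier))
```

The point of the second stage is that a leaked database row gives an attacker neither the Master Password nor the client key: each guess costs the full 316,001 iterations, and the random server salt prevents precomputation across users even though the client salt (the email) is public.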


The PBKDF2 algorithm has 5 input parameters:

$key = \mathrm{PBKDF2}(password, salt, iter\_count, hash\_func, key\_len)$

In which:

  • $password$: the user’s Master Password.
  • $salt$: cryptographic salt. Locker uses the user’s email as the first salt.
  • $iter\_count$: number of iterations.
  • $hash\_func$: hash function with output of length $h\_len$.
  • $key\_len$: length of the output key.

Key $K$ is divided into blocks of length at most $h\_len$. For each block ${KH}_i$:

  1. Apply the hash function $iter\_count$ times, with $password$ and $salt$ as inputs. The first $salt$ is the user’s email; each subsequent $salt$ is the output of the previous hashing:

     $H_1 = hash\_func(password, email)$

     $H_2 = hash\_func(password, H_1)$

     $\ldots$

     $H_{iter\_count} = hash\_func(password, H_{iter\_count-1})$

  2. XOR all the outputs $H_i$ from step 1:

     ${KH}_i = H_1 \oplus H_2 \oplus \ldots \oplus H_{iter\_count}$

  3. Concatenate all the ${KH}_i$ blocks into key $K$:

     $K = {KH}_1 \,\|\, {KH}_2 \,\|\, \ldots \,\|\, {KH}_{key\_len / h\_len}$
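The block-chaining, XOR and concatenation steps above, implemented from primitives as an added example (this is not Locker’s code). It follows the standard PBKDF2 definition of RFC 8018 and so goes slightly beyond the simplified description in the text: the hash function is HMAC-SHA256 keyed with the password, and the first input of each block is the salt followed by the 4-byte big-endian block index $i$, which is what makes ${KH}_1, {KH}_2, \ldots$ differ from one another. The result is checked against Python’s built-in `hashlib.pbkdf2_hmac`; the function names and the sample password and salt are assumptions.

```python
import hashlib
import hmac
import struct

HASH_NAME = "sha256"
H_LEN = hashlib.new(HASH_NAME).digest_size  # h_len: 32 bytes for SHA-256


def hash_func(password: bytes, data: bytes) -> bytes:
    """The page's hash_func: RFC 8018's PRF, i.e. HMAC keyed with the password."""
    return hmac.new(password, data, HASH_NAME).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def block_count(key_len: int) -> int:
    """Number of h_len-sized blocks KH_i needed for key_len bytes (ceiling)."""
    return -(-key_len // H_LEN)


def derive_block(password: bytes, salt: bytes, iter_count: int, i: int) -> bytes:
    """Steps 1 and 2 of the text for block KH_i.

    H_1 = hash_func(password, salt || INT(i)), H_j = hash_func(password, H_{j-1}),
    then KH_i = H_1 xor H_2 xor ... xor H_iter_count.
    """
    h = hash_func(password, salt + struct.pack(">I", i))  # INT(i): 4-byte big-endian
    kh = h
    for _ in range(iter_count - 1):
        h = hash_func(password, h)  # previous output becomes the next input
        kh = xor_bytes(kh, h)
    return kh


def pbkdf2(password: bytes, salt: bytes, iter_count: int, key_len: int) -> bytes:
    """Step 3: concatenate KH_1 || KH_2 || ... and truncate to key_len bytes."""
    if iter_count < 1:
        raise ValueError("iter_count must be at least 1")
    if key_len < 1:
        raise ValueError("key_len must be at least 1")
    blocks = (
        derive_block(password, salt, iter_count, i)
        for i in range(1, block_count(key_len) + 1)
    )
    return b"".join(blocks)[:key_len]


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    pw, salt = b"correct horse battery staple", b"alice@example.com"
    key = pbkdf2(pw, salt, 1000, 64)  # 64 bytes > h_len, so two blocks are chained
    print(key.hex())
    print("matches hashlib:", key == hashlib.pbkdf2_hmac("sha256", pw, salt, 1000, dklen=64))
```

With `key_len = 64` the derivation runs `derive_block` twice; because the block index is mixed into $H_1$, the two halves are independent, whereas the text’s simplified formulation (which omits $INT(i)$) would make every block identical.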