Security Tools

PBKDF2 Generator

Derive PBKDF2 keys from any password and salt in your browser. SHA-1, SHA-256, SHA-384, SHA-512, OWASP iteration presets, hex and base64 output, verify mode.

Modern default. Used by Django, AWS Cognito SRP, 1Password, Bitwarden, and macOS encrypted backups. OWASP minimum is 600,000 iterations.

Password

28 chars

Treated as a UTF-8 byte string. Unicode passwords work, but make sure the verifying system normalizes the same way.

Salt

Use a fresh random salt per record. 128 bits (16 bytes) is the common minimum.

Iterations

Higher iterations make brute force more expensive but increase wall-clock time. PBKDF2 work scales linearly with this value.

Derived key length

Common: 256 bits for AES-256, 160 bits for HMAC-SHA-1 records, 512 bits for FileVault. Must be a multiple of 8.

Or load a sample

PBKDF2 runs in your browser through the Web Crypto API. The password, salt, and derived key never leave this page.

PBKDF2-HMAC-SHA-256 derived key

Enter a password and salt to derive the key

No derived key yet

About PBKDF2

What it does
PBKDF2 (RFC 8018) stretches a password into a fixed-length key by feeding it through HMAC-hash thousands of times. The salt is mixed in so identical passwords produce different keys per record.
Where you see it
Django and Flask password storage, WPA2 PSK, 1Password and Bitwarden master keys, macOS and iOS encrypted backups, BitLocker recovery keys, Apple Keychain, AWS Cognito SRP, FileVault.
OWASP minimums (2025)
PBKDF2-SHA-1: 1,300,000 iterations. PBKDF2-SHA-256: 600,000. PBKDF2-SHA-384: 240,000. PBKDF2-SHA-512: 210,000. Click Use OWASP minimum to load the recommended count for the chosen hash.
Salt advice
Use a fresh, random 128-bit salt per record. The Random 128-bit button calls crypto.getRandomValues to produce one. Never reuse a salt across users or hash a username as a salt.
Output formats
Hex matches OpenSSL, Django, and Passlib output. Base64 matches WPA2 PSK exports. Base64 URL-safe matches JWT and other URL-friendly token storage. Copy whichever your downstream system expects.
Test vectors
The Sample buttons load the first vector from RFC 6070 (PBKDF2 with HMAC-SHA-1, password and salt, 1 iteration, 160-bit output) and the Django 5.x default profile so you can confirm the tool against published reference values.

Every derivation uses the Web Crypto API in your browser. Passwords, salts, and derived keys are not uploaded anywhere.

How to use

Pick a hash function: SHA-256 for new password storage, SHA-1 for WPA2 or legacy compatibility, SHA-384 or SHA-512 for stronger digests.
Type the password and salt. Switch the salt encoding between UTF-8, hex, and Base64 when you need to match a stored record, or click Random 128-bit for a fresh per-record salt.
Set the iteration count. Click Use OWASP minimum to load the current 2025 recommendation for the chosen hash.
Set the derived key length in bits or bytes. 256 bits matches AES-256 and Django, 160 bits matches HMAC-SHA-1 records, 512 bits matches FileVault.
Copy the derived key as hex, uppercase hex, Base64, or URL-safe Base64. Use the Copy summary button to grab every field at once.
Switch to Verify expected key, paste a target hash, and the tool runs a constant-time comparison against the derivation.

About this tool

PBKDF2 Generator derives a fixed-length key from a password and a salt using PBKDF2 (Password-Based Key Derivation Function 2, RFC 8018 / PKCS #5 v2.1). It supports HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512, with iteration counts up to five million and output lengths up to 4,096 bits. Every derivation runs natively in your browser through the Web Crypto API (crypto.subtle.importKey plus deriveBits), so the password, salt, and derived key never leave your device. The tool surfaces the result as hex, uppercase hex, standard Base64, and URL-safe Base64 at the same time so you can match whatever format Django, OpenSSL, OAuth tokens, JWT keys, or WPA2 PSK tooling expects. Verify mode runs a constant-time comparison against a pasted target digest (with friendly handling of Django pbkdf2_sha256 records) so you can confirm whether a stored hash was produced from the same password. Built-in OWASP iteration presets make it easy to align with current 2025 password storage guidance, and the RFC 6070 test vectors are one click away so you can sanity-check the implementation against published reference values.

Free to use. Works in your browser. No signup, no login.

Related tools

PBKDF2 Generator

How to use

About this tool

You may also like

HMAC Generator

SHA-256 Hash Generator

MD5 Hash Generator

Password Entropy Calculator

Password Strength Checker

Password Generator