Understanding Optimizations and Measuring Performances of PBKDF2

  • Andrea Francesco Iuorio
  • Andrea ViscontiEmail author
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 27)


Password-based key derivation functions (KDFs) are used to generate secure keys of arbitrary length implemented in many security-related systems. The strength of these KDFs is the ability to provide countermeasures against brute-force/dictionary attacks. One of the most implemented KDFs is PBKDF2. In order to slow attackers down, PBKDF2 uses a salt and introduces computational intensive operations based on an iterated pseudorandom function. Since passwords are widely used to protect personal data and to authenticate users to access specific resources, if an application uses a small iteration count value, the strength of PBKDF2 against attacks performed on low-cost commodity hardware may be reduced. In this paper we introduce the cryptographic algorithms involved in the key derivation process, describing the optimization techniques used to speed up PBKDF2-HMAC-SHA1 in a GPU/CPU context. Finally, a testing activity has been executed on consumer-grade hardware, and experimental results are reported.


  1. 1.
    C.E. Shannon, Prediction and entropy of printed English. Bell Syst. Tech. J. 30(1), 50–64 (1951)CrossRefGoogle Scholar
  2. 2.
    H. Krawczyk, Cryptographic extraction and key derivation: the HKDF scheme. Cryptology ePrint Archive. Report 2010/264 (2010)Google Scholar
  3. 3.
    K. Moriarty, B. Kaliski, A. Rusch, PKCS# 5: password-based cryptography specification version 2.1. RFC 8018 (2017)Google Scholar
  4. 4.
    Password hashing competition. Accessed 10 Nov 2018
  5. 5.
    A. Biryukov, D. Dinu, D. Khovratovich, Argon2 (version 1.2). University of Luxembourg, Luxembourg. Accessed 10 Nov 2018
  6. 6.
    C. Forler, S. Lucks, J. Wenzel, Catena: a memory-consuming password-scrambling framework. Cryptology ePrint Archive. Report 2013/525 (2013)Google Scholar
  7. 7.
    M.A. Simplicio Jr., L.C. Almeida, E.R. Andrade, P.C. dos Santos, P.S. Barreto, Lyra2: password hashing scheme with improved security against time-memory trade-offs. Cryptology ePrint Archive. Report 2015/136 (2015)Google Scholar
  8. 8.
    A. Peslyak, yescrypt – password hashing scalable beyond bcrypt and scrypt. Openwall, Inc. (2014). Accessed 10 Nov 2018
  9. 9.
    T. Pornin, The MAKWA password hashing function (2015). Accessed 10 Nov 2018
  10. 10.
    Wi-Fi alliance: discover wi-fi: specifications. Accessed 10 Nov 2018
  11. 11.
    iOS security guide (2017). Accessed 10 Nov 2018
  12. 12.
    C. Fruhwirth, LUKS on-disk format specification version 1.2.2 (2016). Accessed 10 Nov 2018
  13. 13.
    A. Visconti, H. Tahayori, Detecting misbehaving nodes in MANET with an artificial immune system based on type-2 fuzzy sets, in 2009 International Conference for Internet Technology and Secured Transactions (ICITST) (2009), pp. 1–2Google Scholar
  14. 14.
    M.T. Rahman, M.J.N. Mahi, Proposal for SZRP protocol with the establishment of the salted SHA-256 Bit HMAC PBKDF2 advance security system in a MANET, in 2014 International Conference on Electrical Engineering and Information Communication Technology (2014), pp. 1–5Google Scholar
  15. 15.
    Enpass. Accessed 10 Nov 2018
  16. 16.
    F-secure key. Accessed 10 Nov 2018
  17. 17.
    AgileBits: how PBKDF2 strengthens your master password. Accessed 10 Nov 2018
  18. 18.
    LassPass: password iterations (PBKDF2). Accessed 10 Nov 2018
  19. 19.
    Keeper: keeper’s best-in-class security. Accessed 10 Nov 2018
  20. 20.
    A. Belenko, D. Sklyarov, “Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh, Really? Blackhat Europe (2012)Google Scholar
  21. 21.
    L. Casati, A. Visconti, Exploiting a bad user practice to retrieve data leakage on android password managers, in Proceedings of the 11th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2017 (Springer, Berlin, 2017)Google Scholar
  22. 22.
    L. Casati, A. Visconti, The dangers of rooting: data leakage detection in android applications. Mob. Inf. Syst. 2018, 6020461 (2018). Google Scholar
  23. 23.
    M.S. Turan, E.B. Barker, W.E. Burr, L. Chen, SP 800-132. Recommendation for password-based key derivation. Part 1: storage applications (2010). Accessed 10 Nov 2018
  24. 24.
    A. Visconti, S. Bossi, H. Ragab, A. Caló, On the weaknesses of PBKDF2, in Proceedings of the 14th International Conference on Cryptology and Network Security, CANS 2015. Lecture Notes in Computer Science, vol. 9476 (Springer, Berlin, 2015)Google Scholar
  25. 25.
    A. Visconti, F. Gorla, Exploiting an HMAC-SHA-1 optimization to speed up PBKDF2. IEEE Trans. Dependable Secure Comput. (2018).
  26. 26.
    NIST: FIPS PUB 180-4. Secure Hash Standard (SHS) (2012). Accessed 10 Nov 2018
  27. 27.
    M. Bellare, R. Canetti, H. Krawczyk, Keying hash functions for message authentication, in Proceedings of Advances in Cryptology—CRYPTO96 (Springer, Berlin, 1996), pp. 1–15zbMATHGoogle Scholar
  28. 28.
    M. Bellare, R. Canetti, H. Krawczyk, Message authentication using hash functions—the HMAC construction. RSA Lab. CryptoBytes 2(1), 12–15 (1996)zbMATHGoogle Scholar
  29. 29.
    H. Krawczyk, M. Bellare, R. Canetti, HMAC: keyed-hashing for message authentication. RFC 2104Google Scholar
  30. 30.
    A. Ruddick, J. Yan, Acceleration attacks on PBKDF2: or, what is inside the black-box of oclHashcat? in Proceedings of the 10th USENIX Workshop on Offensive Technologies (2016)Google Scholar
  31. 31.
    J. Steube, Optimising computation of hash-algorithms as an attacker. Accessed 10 Nov 2018
  32. 32.
    NIST: FIPS PUB 198-1. The keyed-hash message authentication code (HMAC) (2008). Accessed 10 Nov 2018
  33. 33.
    Openssl, version: 1.1.0e. Accessed 10 Nov 2018
  34. 34.
    Libgcrypt, version 1.7.6. Accessed 10 Nov 2018
  35. 35.
    hashcat, version 3.30. Accessed 10 Nov 2018
  36. 36.
    OpenCL. Accessed 10 Nov 2018
  37. 37.
    S. Bossi, A. Visconti, What users should know about full disk encryption based on LUKS, in Proceedings of the 14th International Conference on Cryptology and Network Security, CANS 2015. Lecture Notes in Computer Science, vol. 9476 (Springer, Berlin, 2015)Google Scholar
  38. 38.
    C. Percival, Stronger key derivation via sequential memory-hard functions (2009). Accessed 10 Nov 2018

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversità degli Studi di MilanoMilanoItaly

Personalised recommendations