PBKDF2

[3] PBKDF2 applies a pseudorandom function, such as hash-based message authentication code (HMAC), to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations.

The added computational work makes password cracking much more difficult, and is known as key stretching.

The public key cryptography standard recommends a salt length of at least 64 bits.

[8] The PBKDF2 key derivation function has five input parameters:[9] where: Each hLen-bit block Ti of derived key DK, is computed as follows (with + marking string concatenation): The function F is the xor (^) of c iterations of chained PRFs.

[11] One weakness of PBKDF2 is that while its number of iterations can be adjusted to make it take an arbitrarily large amount of computing time, it can be implemented with a small circuit and very little RAM, which makes brute-force attacks using application-specific integrated circuits or graphics processing units relatively cheap.

On 20 July 2015 Argon2 was selected as the final PHC winner, with special recognition given to four other password hashing schemes: Catena, Lyra2, yescrypt and Makwa.

Algorithmic representation of the iterative process of the Password-Based Key Derivation Function 2.