Key Derivation Functions convert a password or input key material into one or more cryptographic keys. PBKDF2 is designed for password-based key derivation (slow by design). HKDF is designed for deriving keys from high-entropy input.
Inputs
Algorithm: The key derivation function.
Password / IKM: The password (PBKDF2) or Input Keying Material (HKDF) in ASCII.
Salt: Random value to prevent rainbow table attacks. Should be unique per derivation.
Iterations: Number of PBKDF2 iterations. Higher = slower = more secure.
Key Length: Desired output key length in bytes.
Hash Algorithm: The underlying hash function for the KDF.
Info: HKDF context/application-specific info string for domain separation.
Tips
PBKDF2 is for passwords. HKDF is for keys or other high-entropy secrets.
Always use a unique salt for each user/derivation.
Higher iteration counts make PBKDF2 more resistant to brute-force attacks.