
PBKDF2 Password Hash & Key Derivation

Privacy: All processing runs locally

Derive PBKDF2 hashes from passwords using Web Crypto, configure salt, iterations, hash function, and output length — entirely in your browser.

Local playground. Everything runs in your browser. Do not paste real production passwords into online tools. Production password hashing belongs on the server side. This tool is for testing, learning, and debugging.

How PBKDF2 Works

PBKDF2 (Password-Based Key Derivation Function 2) derives cryptographic bytes from a password and a salt by applying a pseudorandom function (like HMAC-SHA-256) many times. It is not bcrypt — PBKDF2 is a different algorithm with different parameters.

The key parameters are: password, salt (random bytes), iterations (number of HMAC rounds), hash function (SHA-256, SHA-384, or SHA-512), and derived key length (output byte count).

Web Crypto API

This tool uses the browser's native crypto.subtle.deriveBits() with the PBKDF2 algorithm. This is fast, secure, and does not require any external library.

Iterations

More iterations increase computation time, making brute-force attacks slower. Current recommendations suggest at least 600,000 iterations for SHA-256. Browser performance may limit practical iteration counts.

Konvi Portable String Format

This tool can output a portable string that includes all parameters needed for verification:
konvi-pbkdf2$sha256$i=600000$l=32$s=<salt>$h=<hash>
This is a Konvi.ch format, not a universal standard. Salt and hash are base64url-encoded.
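The derivation and the portable string described above, as an added JavaScript example (not Konvi's own code): it derives with crypto.subtle.deriveBits(), emits the string in the layout shown, and verifies by parsing the parameters back out and re-deriving. The function names, the 16-byte salt, unpadded base64url and the iteration ceiling are assumptions.

```javascript
// Added example; hashPassword/verifyPassword are hypothetical names.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback for older Node
const HASHES = { sha256: 'SHA-256', sha384: 'SHA-384', sha512: 'SHA-512' };

const toB64u = (bytes) =>
  btoa(String.fromCharCode(...bytes)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64u = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

async function derive(password, salt, iterations, hash, length) {
  const key = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveBits']);
  const bits = await wc.subtle.deriveBits(
    { name: 'PBKDF2', salt, iterations, hash: HASHES[hash] }, key, length * 8);
  return new Uint8Array(bits);
}

async function hashPassword(password, { hash = 'sha256', iterations = 600000, length = 32 } = {}) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // 16-byte salt is an assumption
  const dk = await derive(password, salt, iterations, hash, length);
  return `konvi-pbkdf2$${hash}$i=${iterations}$l=${length}$s=${toB64u(salt)}$h=${toB64u(dk)}`;
}

async function verifyPassword(password, encoded, maxIterations = 5000000) {
  const m = /^konvi-pbkdf2\$(sha256|sha384|sha512)\$i=(\d{1,8})\$l=(\d{1,3})\$s=([\w-]+)\$h=([\w-]+)$/
    .exec(encoded);
  if (!m) return false; // malformed string or unsupported hash name
  const [, hash, i, l, s, h] = m;
  const iterations = Number(i), length = Number(l);
  try {
    const expected = fromB64u(h);
    // Stored parameters are untrusted input: cap the work and check the length.
    if (iterations < 1 || iterations > maxIterations || expected.length !== length) return false;
    const actual = await derive(password, fromB64u(s), iterations, hash, length);
    let diff = 0; // accumulate differences so the comparison has no early exit
    for (let k = 0; k < length; k++) diff |= actual[k] ^ expected[k];
    return diff === 0;
  } catch {
    return false; // salt or hash was not decodable base64url
  }
}
```

The iteration ceiling matters because the count is read from the stored string; without it, a tampered record could make every verification arbitrarily expensive.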

Comparison

PBKDF2 is widely supported and available in Web Crypto. For new systems, Argon2id is generally preferred. Bcrypt and scrypt are also common alternatives.

FAQ

Can I decrypt a PBKDF2 hash?

No. PBKDF2 is a one-way key derivation function. The password cannot be recovered.

Is it safe to paste a real password here?

This tool runs entirely in your browser. However, avoid pasting real production passwords into any online tool.

Should I hash passwords in the browser before login?

No. The hash would become the password. Hash on the server side.

What is a salt?

A random value mixed into the derivation. It prevents identical passwords from producing identical hashes and helps against precomputed tables.

Why does the same password produce different hashes?

Because a new random salt is generated each time. The salt is stored alongside the hash for verification.

Which algorithm should I use in production?

Follow your platform's security guidance. PBKDF2 is used where compliance or platform compatibility matters. Argon2id is generally recommended for new systems.

Why is derivation slow?

Intentionally. High iteration counts make brute-force attacks impractical.

What do iterations mean?

The number of times the pseudorandom function is applied. More iterations = more computation time per hash = harder to brute-force.