Key derivation standards

Main article cryptography

PKSC#5 defines two different key derivation functions.

PBKDF1 specifies a system based on a hash function. It implements salting and iteration, much as described earlier in this tutorial. The maximum size of the derived key is 160 bits.

PBKDF2 specifies a system based on a random number generator. Once again, it implements salting and iteration, as described earlier in this tutorial. The size of the derived key is virtually unlimited for most practical purposes.

The specification recommends PBKDF2 for new applications. This is mainly because PBKDF1 has a very limited key size. However, one reason for this is that PBKDF1 permits only MD2, MD5 or SHA-1 as the hash [algorithm|hashalg]. There is no real reason why SHA-2 or RIPE could not be used, which would give a key size of up to 512 bits.