Key derivation function

A Key derivation function is a cryptographic hash function which is designed to make a small key or password harder to attack using a dictionary attack or brute force attack.

It is normally expressed as ${\displaystyle DK=(Key,Salt,Iterations)}$ where ${\displaystyle DK}$ is the derived key, ${\displaystyle Key}$ is the original key, ${\displaystyle Salt}$ is a large random number (typically around ${\displaystyle 2^{64}}$) which acts as cryptographic salt, and ${\displaystyle Iterations}$ refers to the number of iterations of a sub-function (typically 1000). The derived key instead of the original key as the key to the system.

The values of the salt and the number of iterations can then be stored.

When we have a large number of iterations it is practical time-wise for ${\displaystyle DK}$ to be computed for a single password, but not for a large number of passwords as a brute force attack would require. The use of salt prevents the attackers from precomputing a dictionary of derived keys.