KDF Key Derivation Tool
Derive strong binary keys from passwords.

About KDF: Key Derivation Fundamentals You Need to Know

A KDF (Key Derivation Function) derives high-strength cryptographic keys from passwords or shared secrets. Here's a brief intro to the core concepts, common algorithms, and security best practices to help you use this tool more effectively.

#01

What Is a KDF (Key Derivation Function)?

A Key Derivation Function (KDF) is a cryptographic algorithm that transforms a "weak" secret (such as a user password or shared key material) into one or more high-entropy binary keys, using cryptographically secure hashes or pseudo-random functions (PRFs). The original motivation was that human-readable passwords are only 8-16 characters, while AES-256 requires exactly 32 unpredictable bytes—the gap cannot be bridged without a structured derivation step.

A password-based KDF introduces a random salt and performs N rounds of computation (iterations). The deliberate computational cost makes brute-force and rainbow-table attacks significantly more expensive while guaranteeing one-wayness: even if an attacker captures the derived key, the original password cannot be recovered from it.

Use our tool to derive NIST-compliant keys: just paste your password or key material, pick an algorithm, and the tool returns a binary key ready for use.

#02

Top Algorithms: PBKDF2, HKDF, Scrypt & Argon2

The following four KDF algorithms are the most widely used in industry today, and our tool supports all of them:

  • PBKDF2 (RFC 2898 / PKCS #5 v2.0): the most widely deployed standard. It iterates an HMAC function N times with a random salt. OWASP recommends no fewer than 100,000 iterations. Works with any hash algorithm (SHA-256, SHA-512, etc.).
  • HKDF (RFC 5869): an HMAC-based KDF designed for scenarios where the input already has high entropy (such as DH/ECDH shared secrets). It operates in two steps: Extract and Expand. Unlike PBKDF2, HKDF does not strengthen weak passwords—it is used to "isolate and extend" already-strong key material.
  • Scrypt (RFC 7914): a memory-hard algorithm devised by Colin Percival for Tarsnap. Beyond iteration cost, Scrypt introduces memory cost N, block size r, and parallelism p, effectively neutralizing the advantage of custom ASICs. Recommended starting parameters: N=16384, r=8, p=1.
  • Argon2id: winner of the 2015 Password Hashing Competition (PHC), the most modern and secure choice today. Resists CPU, GPU, and ASIC attacks simultaneously. Parameters include time cost t, memory cost m (in KiB) and parallelism p.

#03

Data Security & Privacy

This tool is built around the principle of "100% frontend-only operation". All PBKDF2, HKDF, Scrypt, and Argon2 computation happens locally inside your browser. No password, no salt, no derived key is ever sent to any server, nor is any input cached or persisted anywhere.

For highly sensitive key material (e.g. production shared secrets or derivation seeds), we recommend working in an offline or otherwise controlled environment, or manually redacting sensitive fields before pasting.

The implementation uses the browser's native Web Crypto API (for PBKDF2 / HKDF) and the open-source noble-hashes library. You can disconnect from the network and keep using the tool in full offline mode.
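
The PBKDF2/HKDF division of labour from section #02, written against the Web Crypto API mentioned above: PBKDF2 stretches the password once, then HKDF splits the result into independent subkeys. This is an added example, not the tool's own code; the function names, the `demo/enc` and `demo/mac` labels, and the sample password and salt are assumptions made for illustration, and the iteration count is the 100,000 floor quoted above.

```javascript
// Added example. Runs in a browser as-is; the require() fallback is only for older Node.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;
const utf8 = (s) => new TextEncoder().encode(s);
const toHex = (buf) =>
  [...new Uint8Array(buf)].map((b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (h) => Uint8Array.from(h.match(/../g), (x) => parseInt(x, 16));

// PBKDF2-HMAC-SHA256: stretches a low-entropy password using salt + iteration cost.
async function pbkdf2(password, salt, iterations, lenBytes) {
  // KDF input keys must be imported as non-extractable.
  const key = await subtle.importKey('raw', password, 'PBKDF2', false, ['deriveBits']);
  const params = { name: 'PBKDF2', hash: 'SHA-256', salt, iterations };
  return new Uint8Array(await subtle.deriveBits(params, key, lenBytes * 8));
}

// HKDF-SHA256 (Extract and Expand in one call): no stretching, only key separation.
async function hkdf(ikm, salt, info, lenBytes) {
  const key = await subtle.importKey('raw', ikm, 'HKDF', false, ['deriveBits']);
  const params = { name: 'HKDF', hash: 'SHA-256', salt, info };
  return new Uint8Array(await subtle.deriveBits(params, key, lenBytes * 8));
}

// Password -> PBKDF2 master key -> two subkeys bound to different purposes.
// The info labels are hypothetical; any distinct, fixed strings work.
async function deriveSubkeys(password, salt, iterations) {
  const master = await pbkdf2(utf8(password), salt, iterations, 32);
  const enc = await hkdf(master, salt, utf8('demo/enc'), 32);
  const mac = await hkdf(master, salt, utf8('demo/mac'), 32);
  return { enc: toHex(enc), mac: toHex(mac) };
}

async function demo() {
  // Constructed sample salt so the output is reproducible; in real use,
  // generate it with crypto.getRandomValues(new Uint8Array(16)) and store it.
  const salt = fromHex('000102030405060708090a0b0c0d0e0f');
  const keys = await deriveSubkeys('correct horse battery staple', salt, 100000);
  console.log(keys);
  return keys;
}
demo();
```

Feeding a raw password straight into `hkdf` would run without error but add no brute-force cost, which is why the password goes through `pbkdf2` first.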
