Key derivation function

A Key derivation function is a cryptographic hash function which is designed to make a small key or password harder to attack using a dictionary attack or brute force attack.

It is normally expressed as ${\displaystyle DK=(Key,Salt,Iterations)}$ where ${\displaystyle DK}$ is the derived key, ${\displaystyle Key}$ is the original key, ${\displaystyle Salt}$ is a large random number (typically around ${\displaystyle 2^{6}4}$), and ${\displaystyle Iterations}$ refers to the number of iterations of a sub-function (typically ${\displaystyle 1000}$).

The values of ${\displaystyle DK,Salt}$ and ${\displaystyle Iterations}$ can then be stored insecurely.

When we have a large number of iterations it is practical time-wise for ${\displaystyle DK}$ to be computed for a single password, but not for a large number of passwords as a brute force attack would require. The use of ${\displaystyle Salt}$ prevents the attackers from precomputing a dictionary of derived keys.