From Trezor Wiki
Jump to: navigation, search

PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function with a sliding computational cost, aimed to reduce the vulnerability of encrypted keys to brute force attacks.

PBKDF2 applies a pseudorandom function, such as hash-based message authentication code (HMAC), to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching.

When the standard was written in the year 2000 the recommended minimum number of iterations was 1000.

PBKDF2 in Trezor[edit]

PBKDF2 is used during creation of master binary seed from Recovery seed (mnemonic sentence).

See also BIP39

Like Trezor? Get one here!