
PBKDF2, in one page: why passwords need slowing down

PBKDF2 (Password-Based Key Derivation Function 2) turns a password into a cryptographic key by hashing it many thousands of times. The point is to make guessing expensive: a computer that could try a billion passwords a second against a raw hash tries only a few thousand against PBKDF2.

Why not just hash the password once?

A single hash is fast, and ‘fast’ is exactly what an attacker wants when guessing. PBKDF2 adds deliberate slowness — the same slowness for you, once per unlock; a devastating slowness for a guesser doing billions per second.

How Elba uses it

Elba derives a 256-bit AES-GCM key from your password using PBKDF2 with a per-vault salt and a high iteration count. Your password is never stored; only the sealed vault is.
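To make the "deliberate slowness" and the key derivation above concrete, here is an added Python example (not Elba's own code, which uses WebCrypto in the browser) that implements PBKDF2-HMAC-SHA256 from RFC 8018 directly, so the iteration chain is visible, cross-checks it against Python's stdlib, and derives a 32-byte AES-GCM key from a password and a per-vault salt. The iteration count of 600,000 and the 1e9 raw-hash-per-second figure are assumptions for illustration; the function also handles output lengths longer than one hash block, which the 256-bit case does not need.

```python
import hashlib
import hmac


def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iterations: int, dk_len: int = 32) -> bytes:
    """PBKDF2 (RFC 8018) with HMAC-SHA256 as the PRF.

    Each output block T_i is the XOR of an `iterations`-long HMAC chain:
        U_1 = HMAC(password, salt || INT32BE(i))
        U_j = HMAC(password, U_{j-1})
        T_i = U_1 xor U_2 xor ... xor U_c
    so one derivation costs about `iterations` HMAC calls: that is the slowdown.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    h_len = hashlib.sha256().digest_size
    blocks_needed = -(-dk_len // h_len)  # ceiling division
    derived = bytearray()
    for i in range(1, blocks_needed + 1):
        u = hmac.new(password, salt + i.to_bytes(4, "big"), hashlib.sha256).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        derived += t
    return bytes(derived[:dk_len])


def matches_stdlib(password: bytes, salt: bytes, iterations: int, dk_len: int) -> bool:
    """Cross-check the hand-written chain against hashlib.pbkdf2_hmac."""
    expected = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dk_len)
    return hmac.compare_digest(pbkdf2_hmac_sha256(password, salt, iterations, dk_len), expected)


def derive_vault_key(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Derive a 256-bit AES-GCM key from a password and a per-vault random salt.

    600_000 is an assumed iteration count for illustration, not Elba's setting.
    The salt must be stored with the vault; the password is never stored.
    """
    if len(salt) < 16:
        raise ValueError("use a random salt of at least 16 bytes")
    return pbkdf2_hmac_sha256(password.encode("utf-8"), salt, iterations, 32)


def guesses_per_second(iterations: int, raw_hashes_per_second: float = 1e9) -> float:
    """Rough guessing throughput: a machine doing `raw_hashes_per_second` single
    hashes manages only about that many divided by `iterations` PBKDF2 guesses."""
    return raw_hashes_per_second / iterations
```

With the assumed figures, `guesses_per_second(600_000)` is roughly 1,700, which is the "billion down to a few thousand" reduction the guide describes.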

Questions people actually ask

Is PBKDF2 still considered safe?
Yes, when used with a large iteration count and a random salt. It is a FIPS-approved standard and the WebCrypto default for password-based keys.
Would Argon2 be better?
Argon2 is stronger against custom hardware. PBKDF2 is used because it ships in WebCrypto everywhere — no external dependency needed.

Take the island

Elba is one HTML file. It runs locally in a Chromium browser, seals a folder with AES-256-GCM, never phones home, and becomes open source on 1 January 2030.

  1. €49 · 2026 (now)
  2. €39 · 2027
  3. €29 · 2028
  4. €19 · 2029
  5. Free · 2030

the price falls each year · free to all 1 jan 2030

pay once · no account · nothing leaves
