PBKDF2, in one page: why passwords need slowing down
PBKDF2 (Password-Based Key Derivation Function 2) turns a password into a cryptographic key by running a keyed hash (HMAC, usually HMAC-SHA-256) over the password and a salt hundreds of thousands of times, feeding each result into the next. The point is to make guessing expensive: the iteration count divides an attacker's guess rate, so a rig that could try a billion passwords a second against a raw hash tries only a few thousand a second against PBKDF2.
Why not just hash the password once?
A single hash is fast, and 'fast' is exactly what an attacker wants when guessing. PBKDF2 adds deliberate slowness. For you that cost is paid once per unlock, a fraction of a second; for a guesser it is paid again on every one of billions of candidates, which turns an afternoon's brute force into years.
How Elba uses it
Elba derives a 256-bit AES-GCM key from your password using PBKDF2 with a per-vault salt and a high iteration count. The salt is not a secret; its job is to make every vault's derivation unique, so a table of precomputed guesses built for one vault is useless against any other. Your password is never stored; only the sealed vault is.
Questions people actually ask
- Is PBKDF2 still considered safe?
  Yes, when used with a large iteration count, a random per-vault salt and a modern PRF such as HMAC-SHA-256. It is specified by NIST (SP 800-132) and approved for FIPS use, and it is the only password-based key derivation function the WebCrypto API offers.
- Would Argon2 be better?
  Argon2 is memory-hard, so it is stronger against GPUs and custom hardware, which can run many PBKDF2 iterations in parallel cheaply. Elba uses PBKDF2 because it ships in WebCrypto everywhere, with no external dependency to trust or audit. The trade-off is that the iteration count and the strength of your password have to carry the load that memory-hardness would otherwise share.
Take the island
Elba is one HTML file. It runs locally in a Chromium browser, seals a folder with AES-256-GCM, never phones home, and becomes open source on 1 January 2030.
- €49 · MMXXVI (2026) · now
- €39 · MMXXVII (2027)
- €29 · MMXXVIII (2028)
- €19 · MMXXIX (2029)
- Free · MMXXX (2030)
the price falls each year · free to all 1 jan 2030
pay once · no account · nothing leaves

Related guides
- AES-256-GCM, explained without a maths degree
AES-256-GCM in one page — what it is, why Elba uses it, and what it does and doesn't protect against.
- What happens if you forget your encryption password?
The honest answer, with Elba: nothing gets in. There is no reset link. Here's how to make sure you never need one.