• Home
• Source Code
• Downloads
• Documentation
• Donate
• Forums

Documentation Key Derivation Algorithms PBKDF2

PBKDF2

PBKDF2 (Password-Based Key Derivation Function 2) is a widely used KDF that applies a pseudorandom function (HMAC) repeatedly to slow down password guessing. In VeraCrypt, PBKDF2 is available with several HMAC hash functions and is used to derive the keys that decrypt a volume header.

PBKDF2-HMAC Variants Supported in VeraCrypt

• PBKDF2-HMAC-SHA-512
• PBKDF2-HMAC-SHA-256
• PBKDF2-HMAC-Whirlpool
• PBKDF2-HMAC-BLAKE2s-256
• PBKDF2-HMAC-STREEBOG

Parameters in VeraCrypt

Salt

A 512-bit random salt (stored in the volume header) is mixed into the password to prevent precomputation and rainbow-table attacks.

Iteration Count

The number of PBKDF2 iterations depends on the selected HMAC hash, the context (e.g., system vs. non-system encryption), and the PIM value. Increasing PIM increases the iteration count and thus the time required to derive keys. For exact values and formulas, see Header Key Derivation, Salt, and Iteration Count.

Output Length

The derived key length depends on the selected encryption algorithm(s) (e.g., 256 bits for AES-256, 768 bits for AES-Twofish-Serpent cascades).

Advantages and Considerations

• Broad compatibility: PBKDF2 is widely supported across platforms and environments.
• Low memory requirements: Suitable for constrained systems.
• Not memory-hard: Compared to Argon2id, PBKDF2 offers less resistance to attacks using massively parallel hardware (GPUs/ASICs). Consider raising PIM if you must use PBKDF2.

Related Topics

• Key Derivation Algorithms (overview)
• Argon2id
• Header Key Derivation, Salt, and Iteration Count
• Personal Iterations Multiplier (PIM)