PBKDF2

PBKDF2 - 设计的目的用于基于密码推导秘钥，从密码到生成秘钥需要一定的时间开销，用来提升暴力破解的成本

wiki - https://en.wikipedia.org/wiki/PBKDF2

摘录：

Purpose and operation[edit]

PBKDF2 applies a pseudorandom function, such as hash-based message authentication code (HMAC), to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching.

When the standard was written in the year 2000 the recommended minimum number of iterations was 1000, but the parameter is intended to be increased over time as CPU speeds increase. As of 2005 a Kerberos standard recommended 4096 iterations,[3] Apple iOS 3 used 2000, iOS 4 used 10000,[4] while in 2011 LastPass used 5000 iterations for JavaScript clients and 100000 iterations for server-side hashing.[5]

Algorithmic representation of the iterative process of the Password Based Key Derivation Function 2.

Having a salt added to the password reduces the ability to use precomputed hashes (rainbow tables) for attacks, and means that multiple passwords have to be tested individually, not all at once. The standard recommends a salt length of at least 64 bits.[6]