Key Derivation Function
A cryptographic function that transforms a password or low-entropy input into a fixed-length key using a slow, salted, and (ideally) memory-hard process designed to resist brute-force attacks.
A KDF is a hash function with deliberate inefficiency. A general-purpose hash like SHA-256 is designed to be fast; a KDF is designed to be slow, parameterized, and (in the Argon2 and scrypt cases) memory-hard so GPU and ASIC attackers cannot trivially parallelize cracking. Using SHA-256 for password storage is a category error.
Tuning the work factor is the operational decision. The standard rule: pick the slowest setting your authentication endpoints can tolerate, where "tolerate" usually means 100-500ms per verification, measured on the hardware that will actually run it. Argon2id with a memory cost in the 64-256 MB range is reasonable for server-side deployments; on memory-constrained edge functions, scrypt's tunable memory parameter or bcrypt's CPU-only cost may be the right choice. Store the salt and the cost parameters alongside the hash so the work factor can be raised later without invalidating existing credentials.
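An added example (not from the original page) of the two points above: salted, memory-hard derivation with the stdlib scrypt KDF, a constant-time verifier that reads the cost back out of the stored record, a calibration routine that picks the largest cost under a target latency, and a measurement of how many plain SHA-256 guesses fit into one KDF verification. The `scrypt$n$salt$key` record format and the 100ms target are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time

# scrypt memory use is roughly 128 * r * n bytes: n=2**14, r=8 -> 16 MiB.
SCRYPT_R = 8
SCRYPT_P = 1
KEY_LEN = 32


def derive_key(password: str, salt: bytes, n: int = 2 ** 14) -> bytes:
    """Stretch a password into a 32-byte key; same password+salt+n -> same key."""
    maxmem = 128 * SCRYPT_R * (n + SCRYPT_P) * 2 + 1024 * 1024  # headroom over the minimum
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=KEY_LEN, maxmem=maxmem)


def hash_password(password: str, n: int = 2 ** 14) -> str:
    """Assumed record format: salt and cost travel with the hash so n can be raised later."""
    salt = os.urandom(16)
    return f"scrypt${n}${salt.hex()}${derive_key(password, salt, n).hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, compare in constant time."""
    _, n, salt_hex, key_hex = stored.split("$")
    candidate = derive_key(password, bytes.fromhex(salt_hex), int(n))
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def tune_cost(target_ms: float = 100.0, max_n: int = 2 ** 20) -> int:
    """Largest power-of-two n whose derivation stays under target_ms on this machine."""
    salt, n = os.urandom(16), 2 ** 10
    while n < max_n:
        start = time.perf_counter()
        derive_key("calibration-only", salt, n * 2)
        if (time.perf_counter() - start) * 1000 > target_ms:
            break
        n *= 2
    return n


def sha256_guesses_per_kdf_verify(password: str = "correct horse") -> float:
    """Why a fast hash is a category error: SHA-256 guesses per one scrypt verification."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key(password, salt)
    kdf_seconds = time.perf_counter() - start
    start = time.perf_counter()
    for _ in range(1000):
        hashlib.sha256(salt + password.encode("utf-8")).digest()
    sha_seconds = (time.perf_counter() - start) / 1000
    return kdf_seconds / sha_seconds
```

Run `tune_cost()` once on the deployment hardware and store the result as the cost used by `hash_password`; re-run it when the hardware changes.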
Common questions
Is a KDF the same as a hash function?
Should I use Argon2, bcrypt, or scrypt?
How slow should a KDF be?