Tools

PBKDF2 Hash Generator Online

Generate PBKDF2 password hashes with a chosen PRF (HMAC-SHA256/512/1), iteration count and output length. Runs entirely in your browser.

Supported Tools:

Feedback

Input Text

Salt

Output length (bytes)

Iterations

PRF

Live Mode

Or Upload File

No file chosen

Output

Suggested Tools

Generate PBKDF2 password hashes with a chosen PRF, iteration count and output length. Runs entirely in your browser.

What is PBKDF2?

PBKDF2 (Password-Based Key Derivation Function 2) is a long-standing standard, defined in RFC 8018, for turning a password into a key or a stored hash. It repeats a pseudorandom function many times to make brute forcing slow, and it is widely supported and FIPS-friendly, which keeps it common in enterprise and compliance settings. This tool derives a PBKDF2 value from a password and salt and returns the hex digest. Everything is computed locally via WebAssembly.

Example

Input:

password + salt, HMAC-SHA256, 100000 iterations

Output:

a 64-character hex digest (for 32 output bytes)

FAQ

How many iterations should I use?
PBKDF2 has no memory hardness, so it is more exposed to GPUs. Use a high count, such as 600,000 or more for HMAC-SHA256, and tune so one hash takes a few hundred milliseconds.
Which PRF is best?
HMAC-SHA256 is a good default. HMAC-SHA512 can be slightly stronger on 64-bit hardware. HMAC-SHA1 is offered for compatibility with older systems only.
Is PBKDF2 still acceptable?
Yes, especially where standards require it, but Argon2id or scrypt are preferred for new designs because they are memory-hard.
Is my password sent anywhere?
No. The derivation runs locally in your browser with WebAssembly.