Calculator Inputs
Use the responsive input grid below. Large screens show three columns, medium screens show two, and mobile shows one.
Example Data Table
Use these sample configurations to compare workload, salt size, and output shape before testing your own values.
| Scenario | Algorithm | Salt Format | Salt Bytes | Iterations | Derived Length | Output Style |
|---|---|---|---|---|---|---|
| Web login baseline | SHA256 | Text | 16 | 150000 | 32 bytes | Hex |
| Archive encryption key | SHA512 | Hex | 24 | 300000 | 64 bytes | Base64 |
| API secret derivation | SHA256 | Base64 | 16 | 200000 | 48 bytes | Hex |
| Device pairing token | SHA384 | Text | 12 | 120000 | 24 bytes | Base64 |
Formula Used
PBKDF2 derives a key by repeatedly applying a pseudorandom function to a password and salt. The complete output is built from blocks:
PBKDF2(P, S, c, dkLen) = T1 || T2 || ... || Tl
Each block starts with
U1 = PRF(P, S || INT_32_BE(i))
and continues with
Uj = PRF(P, Uj-1)
for iterations 2 through c.
The final block value is the XOR of all iteration outputs:
Ti = U1 ⊕ U2 ⊕ ... ⊕ Uc.
The calculator reports digest size, number of blocks, total PRF calls, and the final encoded derived key.
How to Use This Calculator
- Enter a password or passphrase for testing.
- Add a salt and choose whether it is text, hex, or base64.
- Select the HMAC hash algorithm used by the pseudorandom function.
- Choose the iteration count and target derived key length in bytes.
- Pick the output display format, then submit the form.
- Review the derived key, block count, PRF calls, and chart of byte values.
- Export the current result as CSV or PDF, or save the sample table as CSV.
Frequently Asked Questions
1. What does this calculator actually compute?
It derives a PBKDF2 key from the password, salt, iteration count, hash algorithm, and target output length. It also reports block counts, digest length, and total pseudorandom function calls.
2. Why does salt format matter?
The same visible salt can represent different byte sequences depending on whether it is treated as plain text, hexadecimal, or base64. PBKDF2 operates on bytes, not on visual characters alone.
3. What does the iteration count change?
Higher iteration counts increase the number of repeated PRF evaluations. That raises computation cost and changes the derived key because the repeated chain values are different.
4. Why can the block count be greater than one?
Each PBKDF2 block contributes up to one digest length of output. When the requested derived key length exceeds that digest length, additional blocks must be generated and concatenated.
5. Is hex output different from base64 output?
The underlying derived bytes stay the same. Only the text encoding changes. Hex is longer and byte oriented, while base64 is shorter and often easier to transmit in compact text systems.
6. What does the Plotly graph show?
It plots each derived key byte against its position. The chart helps you inspect the result structure visually, compare different runs, and verify that changing inputs produces a different byte pattern.
7. Can I use this page for production authentication?
Treat this page as an educational calculator and testing aid. Avoid pasting live credentials into public tools. Production authentication needs secure handling, storage design, and careful deployment controls.
8. Why do similar inputs still produce different outputs?
Changing even one detail, such as a single password character, one salt byte, the algorithm, the length, or the iteration count, creates a different PBKDF2 result.