PBKDF2 with pepper

Mohamed Waleed

11/27/22, 10:45 PM

The main purpose of PBKDF2 is to generate a strong key from a weak password by using an input (the weak password) and a salt (which is stored in plaintext).

Is it useful to use a pepper with PBKDF2 ?
and if it so, what is the best way to do it and why:

do a PRF (e.g. HMAC) on the weak password with the pepper and use the result as the PBKDF2 input ?
do the PBKDF2 first then do a PRF (e.g. HMAC) on the ouput with the pepper ?

0 + 0

pbkdf-2

pseudo-random-function

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: PBKDF2 with pepper

TH: PBKDF2 กับพริกไทย

RO: PBKDF2 cu piper

RU: ПБКДФ2 с перцем

VI: PBKDF2 với hạt tiêu

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.