
# Password-based Key Derivation Function 2 (PBKDF2)

> Introduction to the PBKDF2 SHA-256 algorithm and how Locker uses it to derive Encryption Keys from the Master Password

The PBKDF2 (Password-based Key Derivation Function 2) SHA-256 algorithm is used to derive Encryption Keys from the user's [Master Password](/en/locker-whitepaper/security-fundamentals/master-password). The Master Password is first hashed locally on the user's machine with PBKDF2-SHA256, using the user's email address as the salt, and only the resulting hash is sent to Locker's servers. When Locker's servers receive the hashed Master Password, it is hashed once more with PBKDF2-SHA256 and a cryptographically secure random salt (generated by the [CSPRNG algorithm](/en/locker-whitepaper/security-fundamentals/cryptographically-secure-pseudorandom-number-generator)), and that second hash is what is stored in Locker's database (the server-side salt has to be kept alongside it so the check can be repeated at login).

The default number of iterations used with the PBKDF2 algorithm is **100,001** iterations on the user's machine, followed by an additional **216,000** iterations when stored on Locker's servers (for a total of **316,001** iterations by default).

<img src="https://mintcdn.com/locker/RN2-OO7uarVxuthM/images/en/locker-whitepaper/security-fundamentals/PBKDF2.png?fit=max&auto=format&n=RN2-OO7uarVxuthM&q=85&s=cbc0c953f178eb8e1a90254dfd4f6a35" alt="PBKDF2" width="1190" height="1430" data-path="images/en/locker-whitepaper/security-fundamentals/PBKDF2.png" />

The PBKDF2 algorithm takes 5 input parameters:

$$
key = PBKDF2(password, salt, iter\_count, hash\_func, key\_len)
$$

Where:

* `password`: the user's master password.
* `salt`: cryptographic salt; here Locker uses the user's email as the initial salt.
* `iter_count`: number of iterations.
* `hash_func`: the underlying hash function (SHA-256 in Locker's case, applied as an HMAC keyed with the password), with output length $h_{len}$ (32 bytes for SHA-256).
* `key_len`: desired length of the key.

The derived key `K` is built from blocks of length $h_{len}$; the number of blocks is $\lceil key\_len / h_{len} \rceil$ and the last block is truncated so that `K` is exactly `key_len` bytes long. For each block $KH_i$ (RFC 8018, section 5.2):

1. Apply the [hash function](/en/locker-whitepaper/security-fundamentals/hash-function) `iter_count` times with `password` as the HMAC key. The first call takes the `salt` (the user's email) followed by the 4-byte big-endian block index $i$; every later call takes the output of the previous one as its input (without the block index, every $KH_i$ would be identical):

$$
H_1 = hash\_func(password, email \parallel INT(i))
$$

$$
H_2 = hash\_func(password, H_1)
$$

$$
\vdots
$$

$$
H_{iter\_count} = hash\_func(password, H_{iter\_count-1})
$$

2. XOR all outputs $H_j$ from step 1 together:

$$
KH_i = H_1 \oplus H_2 \oplus \dots \oplus H_{iter\_count}
$$

3. Finally, concatenate all blocks $KH_i$ and truncate the result to `key_len` bytes to produce the key $K$:

$$
K = KH_1 \parallel KH_2 \parallel \dots \parallel KH_{\lceil key\_len / h_{len} \rceil}
$$
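The two-stage derivation described at the top of the page and the block-by-block construction above, as an added Python example that is not Locker's own code: `pbkdf2_hmac_sha256` implements the formulas directly (HMAC-SHA256 as `hash_func`, the block index appended to the salt, XOR accumulation, truncation to `key_len`) and is cross-checked against `hashlib.pbkdf2_hmac`, while `client_side_hash` and `server_side_hash` apply the 100,001 and 216,000 iteration counts from this page. The 32-byte output length, the 16-byte server salt drawn from `os.urandom`, and plain UTF-8 encoding of the password and email are assumptions, since the page does not state them.

```python
import hashlib
import hmac
import math
import os
from typing import Optional, Tuple

H_LEN = hashlib.sha256().digest_size  # h_len for SHA-256: 32 bytes


def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iter_count: int, key_len: int) -> bytes:
    """PBKDF2 (RFC 8018, section 5.2) with HMAC-SHA256 as hash_func, written
    block by block to mirror the H_1..H_iter_count, KH_i and K notation above."""
    if iter_count < 1:
        raise ValueError("iter_count must be at least 1")
    if not 1 <= key_len <= (2**32 - 1) * H_LEN:
        raise ValueError("key_len out of range")

    def prf(data: bytes) -> bytes:
        # hash_func(password, x): HMAC-SHA256 keyed with the password.
        return hmac.new(password, data, hashlib.sha256).digest()

    n_blocks = math.ceil(key_len / H_LEN)
    blocks = []
    for i in range(1, n_blocks + 1):
        # H_1 = hash_func(password, salt || INT(i)); the 4-byte big-endian block
        # index is what makes KH_1, KH_2, ... differ from each other.
        h = prf(salt + i.to_bytes(4, "big"))
        kh = h
        for _ in range(iter_count - 1):
            h = prf(h)                                  # H_j = hash_func(password, H_{j-1})
            kh = bytes(a ^ b for a, b in zip(kh, h))    # KH_i = H_1 xor H_2 xor ... xor H_j
        blocks.append(kh)
    # K = KH_1 || KH_2 || ... truncated to key_len bytes.
    return b"".join(blocks)[:key_len]


def matches_stdlib(password: bytes, salt: bytes, iter_count: int, key_len: int) -> bool:
    """Cross-check the hand-written construction against OpenSSL via hashlib."""
    expected = hashlib.pbkdf2_hmac("sha256", password, salt, iter_count, key_len)
    return hmac.compare_digest(pbkdf2_hmac_sha256(password, salt, iter_count, key_len), expected)


# Iteration counts stated on this page; KEY_LEN and SERVER_SALT_LEN are assumptions.
CLIENT_ITERATIONS = 100_001
SERVER_ITERATIONS = 216_000
KEY_LEN = 32
SERVER_SALT_LEN = 16


def client_side_hash(master_password: str, email: str) -> bytes:
    """Stage 1, on the user's machine: Master Password stretched with the email as salt.
    Assumption: both values are used as plain UTF-8; the page describes no normalisation."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               email.encode("utf-8"), CLIENT_ITERATIONS, KEY_LEN)


def server_side_hash(client_hash: bytes, server_salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Stage 2, on the server: the received hash is stretched again with a fresh CSPRNG salt
    (os.urandom here, as an assumption); only (salt, result) is stored, never the client hash."""
    if server_salt is None:
        server_salt = os.urandom(SERVER_SALT_LEN)
    stored = hashlib.pbkdf2_hmac("sha256", client_hash, server_salt, SERVER_ITERATIONS, KEY_LEN)
    return server_salt, stored


def verify_login(master_password: str, email: str, server_salt: bytes, stored: bytes) -> bool:
    """Recompute both stages with the stored salt and compare in constant time."""
    _, candidate = server_side_hash(client_side_hash(master_password, email), server_salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample credentials, not real user data.
    salt, stored = server_side_hash(client_side_hash("correct horse battery staple", "alice@example.com"))
    print("manual == hashlib:", matches_stdlib(b"password", b"salt", 4096, 40))
    print("stored record:", salt.hex(), stored.hex())
    print("login ok:", verify_login("correct horse battery staple", "alice@example.com", salt, stored))
    print("wrong password:", verify_login("wrong", "alice@example.com", salt, stored))
```

Two points worth noticing when running it: a `key_len` of 40 exercises two blocks and the truncation of the second, which is where implementations that forget `INT(i)` silently produce a key whose halves repeat; and because the email is the client-side salt, the same Master Password used with a different email yields a different hash, so an offline attacker who obtains the stored record still has to pay both 100,001 and 216,000 iterations per guess.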
