PBKDF2: How Your Password Becomes an Uncrackable Encryption Key

Your password isn't your encryption key — it's the seed for one. PBKDF2 is the function that takes a memorable password and stretches it into a 256-bit AES key that brute-force attacks simply can't keep up with.

The password problem

Humans pick bad passwords. Even "good" human passwords contain only 30 to 50 bits of entropy — a tiny fraction of the 256 bits AES wants. If you used a raw password directly as an encryption key, an attacker who got a sample of your ciphertext could just guess passwords until something decrypted cleanly. Game over.

You need something between "the password the user can remember" and "the high-entropy key the cipher expects." That something is a key derivation function.

What "key derivation" actually means

A key derivation function (KDF) is a one-way transformation that turns a password into a key. Good KDFs share three properties:

• Deterministic: same password + same salt → same key, every time.
• Slow: yes, intentionally slow. We'll come back to this.
• One-way: given the output key, you cannot reverse it to recover the password.

PBKDF2 — Password-Based Key Derivation Function 2 — is the version used by LifetimeCloud. It's been a standard since 2000, is built into every browser's Web Crypto API, and is approved by NIST for password-based encryption.

PBKDF2 in 60 seconds

PBKDF2 takes four inputs: your password, a salt, an iteration count, and a hash function (we use SHA-256). The output is a key of whatever length you ask for — 256 bits, in our case.

The salt is a unique random value tied to your account. It prevents two users with the same password from ending up with the same key, and it kills "rainbow table" attacks where attackers pre-compute hashes of common passwords.

The iteration count is where the magic happens. PBKDF2 doesn't hash your password once — it hashes the output, then hashes that, then hashes that, and so on. Hundreds of thousands of times.

Why iterations are the whole game

Imagine an attacker who somehow got hold of your encrypted data and your salt. They want to brute-force your password. Each guess requires them to run the full PBKDF2 pipeline. With a single iteration, that's a tiny hash operation — they can try billions of passwords per second.

With 310,000 iterations — what LifetimeCloud uses, matching the current OWASP recommendation — each guess takes meaningful CPU time. On modern hardware, that drops the attacker from billions of guesses per second to maybe a few thousand. Across a typical password search space, that's the difference between hours and centuries.

The threat model

PBKDF2 doesn't make a bad password good. If your password is "password123", an attacker focused only on you can still try common passwords first and find it quickly. What PBKDF2 does is:

• Make mass attacks economically pointless (no precomputation).
• Make brute-force against decent passwords computationally infeasible.
• Provide a cost floor on every guess, no matter how many GPUs the attacker rents.

This is why we recommend a passphrase of at least 4 random words. Combined with 310,000 PBKDF2 iterations, the attacker's job becomes mathematically hopeless.