About PBKDF1
PBKDF1 (Password-Based Key Derivation Function 1), as defined in rfc2898, is an obsolete and superseded password hashing function. It has significant limitations and supports only a few hash algorithms.
Hash Algorithms Allowed in PBKDF1
PBKDF1 supports only hash algorithms whose output is no longer than the derived key size (maximum output: 160 bits). Specifically:
| Hash Algorithm | Output Size | Supported in PBKDF1? |
|---|---|---|
| MD2 | 128 bits | Yes |
| MD5 | 128 bits | Yes |
| SHA-1 | 160 bits | Yes |
PBKDF1 cannot be used with modern hash algorithms like SHA-256, SHA-384, or SHA-512 because their output sizes exceed the limit of 160 bits.
Important Warnings
- PBKDF1 is insecure for modern applications.
- It has been replaced by PBKDF2 (defined in PKCS #5 v2.0 and RFC 8018), which supports:
- Arbitrary output lengths
- Any hash function (e.g., SHA-256, SHA-512)
- Much stronger key stretching via configurable iteration counts
Recommendation
Do not use PBKDF1 in new applications. Use PBKDF2 or bcrypt, scrypt, or Argon2 for secure password hashing and key derivation.