What They Solve
Raw secrets are rarely shaped like a good key. A password is low entropy and a Diffie Hellman output is raw bytes. A key derivation function, KDF, transforms such material into one or more strong, fixed length keys.
Two Flavors
- Password based KDFs like PBKDF2 and Argon2 add slowness and a salt to resist guessing.
- Extract then expand KDFs like HKDF take a high entropy secret and derive several independent keys from it efficiently.
How HKDF Works
HKDF first extracts a uniform pseudorandom key from the input, then expands it into as many output keys as needed, using a label so each key has a distinct purpose. This separation keeps keys for different uses independent.
Practical Rules
- Use a password based KDF when the input is a human password.
- Use HKDF after a key exchange to split one shared secret into distinct keys.
- Always include context labels so the same secret never yields the same key for two purposes.
Key idea
Key derivation functions turn imperfect secrets into strong keys, using slow password based KDFs for human passwords and extract then expand KDFs like HKDF to split a high entropy shared secret into distinct labeled keys.