In cryptography, a key derivation function (KDF) makes a long secret key (often called a "hash") from a secret phrase, like a password.[1][2] The output of a key derivation function looks like random data, so it cannot be told apart from a result made from a random phrase. KDFs are also used to change an existing secret key into a specific format, for example turning the shared secret from the Diffie–Hellman key exchange into a key for sending secrets with AES.[3]
Key derivation functions are important in security. They allow a smaller "secret phrase" to be expanded into a larger key (of a fixed length decided by the KDF's digest size[4]). This makes trying to find the original "secret phrase" more difficult. The length of the key makes it harder to discover the phrase or the hidden secret by trial and error (i.e. through brute-forcing), because a computer cannot simply guess it.[5] Sometimes, a small piece of random data (called a "salt") is added to the secret phrase before it is used with a KDF. This makes it more difficult to guess the original "secret phrase" using a list of known "hashes".
A KDF makes checking passwords safer, because the real password itself does not need to be stored. Instead of keeping the real password, a "hash" of it is kept, and when a password is checked, the "hash" of the input is compared with the stored "hash".[6] Some software puts a limit on the length of a password, and a KDF is sometimes used to make larger secret phrases smaller so they fit. KDFs are also made in a way so that it takes a computer some effort to make the "hash". This makes making a list of potential combinations difficult.[7]
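The following added example (not part of the original article) shows the ideas from the two paragraphs above in working code: a password is stretched into a fixed-length key with PBKDF2-HMAC-SHA256 from Python's standard library, a random salt is mixed in so the same password gives different "hashes", an iteration count makes each derivation cost some effort, and a password check compares the re-derived "hash" with the stored one instead of ever storing the password. The parameter values and the shape of the stored record are assumptions chosen for this example.

```python
import hashlib
import hmac
import os

# Example parameters (assumptions for this demonstration, not values from the
# article). The iteration count is the "effort" the KDF forces per guess;
# deployments tune it to the hardware they actually run on.
HASH_NAME = "sha256"
ITERATIONS = 200_000
SALT_BYTES = 16
KEY_BYTES = 32  # the output length is fixed, whatever the password length


def derive_key(password: str, salt: bytes,
               iterations: int = ITERATIONS, length: int = KEY_BYTES) -> bytes:
    """Stretch a password into a fixed-length key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                               salt, iterations, dklen=length)


def make_record(password: str) -> dict:
    """Build what a server stores: the salt, the parameters and the derived key.

    The password itself is not kept anywhere in the record.
    """
    salt = os.urandom(SALT_BYTES)          # fresh random salt per password
    return {
        "salt": salt,
        "iterations": ITERATIONS,
        "key": derive_key(password, salt),
    }


def verify(record: dict, candidate: str) -> bool:
    """Check a candidate password against a stored record.

    The candidate is run through the same KDF with the stored salt and
    parameters; only the two derived keys are compared, in constant time.
    """
    candidate_key = derive_key(candidate, record["salt"],
                               record["iterations"], len(record["key"]))
    return hmac.compare_digest(candidate_key, record["key"])


def salt_changes_output(password: str) -> bool:
    """Show why a salt defeats a precomputed list of known hashes: the same
    password stored twice yields two different derived keys."""
    first = make_record(password)
    second = make_record(password)
    return first["key"] != second["key"]


def output_length_is_fixed(short: str, long: str) -> bool:
    """A short and a very long phrase both produce KEY_BYTES bytes of key."""
    salt = b"constructed-fixed-salt"  # constructed, only so both calls match
    return len(derive_key(short, salt)) == len(derive_key(long, salt)) == KEY_BYTES


if __name__ == "__main__":
    stored = make_record("correct horse battery staple")  # constructed sample
    print("stored salt:", stored["salt"].hex())
    print("stored key: ", stored["key"].hex())
    print("right password accepted:", verify(stored, "correct horse battery staple"))
    print("wrong password rejected:", not verify(stored, "Tr0ub4dor&3"))
    print("salt changes output:", salt_changes_output("hunter2"))
    print("fixed output length:", output_length_is_fixed("a", "x" * 500))
```

Because the salt is random and stored next to the key, the same password checked later still verifies (the salt is reused from the record), while an attacker holding a list of precomputed "hashes" for common passwords gains nothing from it, since every record used a different salt.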