This manual page documents briefly the nettle-pbkdf2 command. This manual page was written for the
Debian GNU/Linux distribution because the original program does not have a manual page.
nettle-pbkdf2 is a front-end for Nettle's PBKDF2 (Password-Based Key Derivation Function 2)
implementation. PBKDF2 applies a pseudo-random function to a passphrase together with a salt, producing a
derivedkey of arbitrary length. By iterating the process many times, feeding the output of each round as
the input of the next, brute-force cracking of the password is made to take correspondingly longer time.
The use of a salt makes it harder to use dictionaries or rainbow tables. As computers become more
powerful, the number of iterations can be increased without changing the rest of the algorithm.
The pseudo-random function used by this tool is currently HMAC-SHA256.
The password is read from standard input and the resulting derived key is written to standard output in
groups of 16 hexadecimal digits, unless the --raw option is used. The salt and number of iterations are
not included in the output.