2000s: PBKDF2 PKCS #5 v2.0 (1999), RFC 2898 (2000), NIST SP 800-132 (2010) Designed as a building block to use passwords and diversify keys in cryptographic protocols (not a password hash storage system) Several tunable parameters A pseudorandom function to apply (such as HMAC-SHA-1) Number of iterations Derived key length Mainly used for deriving encryption keys (WinZip, OpenDocument, ...; DPAPI, 1Password, ...; FileVault, TrueCrypt, Android, ...), but also used in WiFi WPA-PSK and for password hash storage (Mac OS X 10.8, Django)