PBKDF2 Cost Estimator

Choose your hardware tier and target hash time to get OWASP-aligned PBKDF2 iteration count recommendations for SHA-256 and SHA-512.

PBKDF2 Parameters

OWASP recommends ~600ms for interactive logins.

Recommended Iteration Count

  • Recommended: 600,000 iterations
  • OWASP Minimum: 600,000 iterations
  • Est. Hash Time: 600ms
  • HMAC Variant: SHA-256
  • Output: 32 bytes
  • Meets OWASP 2023 minimum

Attacker Cost Context

A GPU (RTX 4090) can attempt ~3.5B MD5 hashes/second. Against PBKDF2-SHA256 it is limited to roughly:

  • @ 100k iterations: ~35,000/s
  • @ 600k iterations: ~5,800/s
  • @ 1.2M iterations: ~2,900/s

Each doubling of iterations halves attacker throughput. A 10-character random password with 600k iterations gives an attacker roughly 500+ years on a single GPU.

How it works

  1. Select your server hardware tier (low-end VPS, mid-range server, or high-end dedicated).
  2. Enter your target hash time in milliseconds — OWASP recommends 600ms for interactive logins.
  3. Choose the HMAC variant: SHA-256 (faster, 256-bit output) or SHA-512 (slower per iteration, 512-bit output).
  4. The estimator multiplies the hardware baseline speed (iterations/second) by your target time to get a recommended iteration count.
  5. Review the OWASP minimum floor — the tool always returns at least that floor even if your hardware is very fast.
  6. Use the recommended count in your server-side hashing code; never run PBKDF2 in the browser for real password storage.
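
The steps above as an added server-side example (not code from this tool): it measures the baseline on the host itself instead of picking a hardware tier, applies the 600,000 floor for SHA-256, and stores the count with each hash so legacy records can be detected. The function names and the `pbkdf2_<digest>$iterations$salt$hash` record format are assumptions made for this example.

```python
# Added example; function names and the record format are assumptions.
import hashlib
import hmac
import os
import time

OWASP_FLOOR_SHA256 = 600_000  # floor the page shows for PBKDF2-HMAC-SHA256

def measure_baseline(digest="sha256", probe_iters=50_000):
    """Iterations/second on this host; replaces the page's hardware-tier guess."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(digest, b"probe-password", b"probe-salt-16byt", probe_iters)
    return probe_iters / (time.perf_counter() - start)

def recommend_iterations(baseline_ips, target_ms, floor=OWASP_FLOOR_SHA256):
    """Steps 4 and 5: baseline speed x target time, never below the floor."""
    if baseline_ips <= 0 or target_ms <= 0:
        raise ValueError("baseline and target time must be positive")
    return max(int(baseline_ips * target_ms / 1000), floor)

def estimated_ms(iterations, baseline_ips):
    """Login latency the chosen count costs on this host."""
    return iterations * 1000 / baseline_ips

def hash_password(password, iterations, digest="sha256"):
    """Keep digest, count and salt beside the hash so each can change later."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac(digest, password.encode(), salt, iterations)
    return f"pbkdf2_{digest}${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    scheme, iters, salt_hex, dk_hex = stored.split("$")
    digest = scheme.split("_", 1)[1]
    dk = hashlib.pbkdf2_hmac(digest, password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time compare

def needs_rehash(stored, current_iterations):
    """True for legacy records hashed below the current recommendation."""
    return int(stored.split("$")[1]) < current_iterations

if __name__ == "__main__":
    ips = measure_baseline()
    count = recommend_iterations(ips, target_ms=600)
    record = hash_password("constructed sample password", count)
    print(f"{ips:,.0f} it/s -> {count:,} iterations, ~{estimated_ms(count, ips):.0f} ms")
    print(verify_password("constructed sample password", record), needs_rehash(record, count))
```

When `needs_rehash` returns true after a successful `verify_password`, re-hash the submitted password with the current count and replace the stored record.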

Use cases

  • Tune PBKDF2 parameters when setting up a new authentication service.
  • Verify that legacy iteration counts still meet current OWASP minimums.
  • Compare SHA-256 vs SHA-512 costs on your specific hardware tier.
  • Generate code snippets for Node.js, Python, and PHP implementations.
  • Estimate login latency impact before deploying a parameter change.
  • Teach developers why iteration count choice matters for password security.

Last updated: 2026-07-01 · Reviewed by Nham Vu