[PrimeMcFly]

Guess how many systems are using KDF algorithms in practice?

[TillE]

Probably the vast majority of important systems. PBKDF2 has been around forever and is in very widespread use.

[stavros]

The fact that they aren't implementing the solution doesn't mean that the solution doesn't exist or isn't effective, though.

Plus, nowadays, most (all?) big frameworks have used KDFs by default for years.

[PrimeMcFly]

True. I don't think Windows or Linux do though, right?

[stavros]

Linux uses bcrypt by default, AFAIK. Windows had NTLM last I looked, but I don't know what they have now.

[zoolily]

Ubuntu Linux used to use a SHA2 hash repeated 5000 times, but my Ubuntu 22.04 system uses yescrypt, which is one of those KDFs.

[PrimeMcFly]

nice!