ToolypetMCP
intermediate3 minutessecurity

Passphrase to Key Derivation

Generate a secure passphrase, hash it to derive a key, and use the key for HMAC signing.

passphrasekey-derivationhmaccryptography

이 레시피 활용 시점

Demonstrates passphrase-based key derivation for user-facing encryption. Users remember the passphrase, the system derives the cryptographic key.

단계

1

Passphrase Generator

이 도구 사용해보기

Create a memorable passphrase

프롬프트:Generate a 6-word diceware passphrase for key derivation
2

Password Strength Checker

이 도구 사용해보기

Verify passphrase entropy

프롬프트:Evaluate the passphrase strength: entropy bits and estimated crack time
3

Hash Calculator

이 도구 사용해보기

Derive encryption key

프롬프트:Hash the passphrase with SHA-256 to derive a 256-bit key (simulating PBKDF2 output)
4

HMAC Generator

이 도구 사용해보기

Test the derived key

프롬프트:Use the derived key to generate an HMAC signature of a test message

자주 묻는 질문

Why use a passphrase instead of a random key?

Passphrases are human-memorable. A 6-word diceware passphrase has ~77 bits of entropy — strong enough for most applications while being something users can remember.

Should I use SHA-256 for key derivation in production?

No. Use PBKDF2, scrypt, or Argon2 which add computational cost (iterations/memory) to resist brute-force. This recipe uses SHA-256 for demonstration only.

관련 레시피

Secure Password Workflow

Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.

Web Security Header Audit

Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.

JWT Authentication Setup

Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.

API Security Hardening

Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.

전체 레시피로 돌아가기