diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md
index 797d9f2..ef16781 100644
--- a/book/source/03-cryptography.md
+++ b/book/source/03-cryptography.md
@@ -16,6 +16,15 @@ Here are two important properties of cryptographic hash functions:
 - ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents.
 - ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value.
 
+### Key Derivation Functions
+
+Hash functions can also be used to construct [key derivation functions](https://en.wikipedia.org/wiki/Key_derivation_function) (KDF).
+Those can for instance be used to derive symmetric key material from a password by repeatedly feeding it through a hash function.
+
+A prominent example of a KDF which is relevant for the OpenPGP specification is the so-called [HKDF](https://en.wikipedia.org/wiki/HKDF) which is based on the [HMAC](https://en.wikipedia.org/wiki/HMAC) message authentication code.
+
+More information on KDFs and their use in the OpenPGP protocol can be found in chapters XXX (S2K) and YYY (SEIPDv2).
+
 ## Symmetric-key cryptography
 
 [Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption, unlike asymmetric cryptography where a pair of keys is used: a public key for encryption and a corresponding private key for decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations.