Encrypting variable-length passwords to yield fixed-length encrypted passwords

According to one embodiment, encrypting passwords includes performing the following for each input password of a plurality of input passwords to yield encrypted passwords, where at least two input passwords have different lengths and the encrypted passwords have the same length. An input password and a random number are received at logic configured to perform a key derivation operation comprising a pseudorandom function. An encryption key is derived from the input password and the random number according to the key derivation operation. The encryption key and a user identifier are received at logic configured to perform a cipher-based message authentication code (CMAC) function. An encrypted password is generated from the encryption key and the user identifier according to the CMAC function.