Most cryptographic applications crucially rely on secret keys that are chosen randomly and are unknown to an attacker. Unfortunately, the process of deriving secret keys in practice is often difficult, error-prone and riddled with security vulnerabilities. Badly generated keys offer a prevalent source of attacks that render complex cryptographic applications completely insecure, despite their sophisticated design and rigorous mathematical analysis. Even though key derivation plays a central role in the security landscape, it has received surprisingly little formal study within the cryptographic community, leading to a large disconnect between the theory and practice. In this project, several important scenarios for key derivation are examined for their capability to improve security with provable guarantees, including the use of random number generators (RNGs), passwords, and biometrics. In particular: