A few months ago I entered to cryptography, and I have a doubt. Technically, a PBKDF, converts any password (with any keylength), to a one key with a specific keylength. I understand this is for can use any user entered password with cipher algorithms, resulting no errors of keylength.
For example, if AES 128 accepts 128 bit key size, I have 2^128 possibilities to found the correct key (X) when I decrypt with brute force. But user password possibilities are infinites (in theory, in practice a far away keylength value delimits possibilities). So, a infinite number of user passwords when program applies a PBKDF, becomes to the same 128 bit derivated key (X). Anyway, minimum a 128 bit user password, applying PBKDF, results the correct derivated key (X). This is true? I'm only intented apply logic to concept.
Anyway, I remember 128 bit keylength brute force implies very much time.
Yes, of course, there are many more possible passphrases than there are keys. On the other hand, assuming the hash function is good, finding a collision would take 2^64 work, and finding a preimage would take 2^128 work. So this is not a problem in practice.
Edit in reply to comment:
It sounds like you're saying that you can pick a nice long random password, but it's possible it will generate the same hash as a very short one? Well, yes, it's possible, but with probability so low that in practice it's not worth worrying about.
Let's consider all the possible 8-character passwords. 94 printable characters, raised to the 8th power, gives fewer than 2^53 possibilities. Out of a universe of 2^128 hashes, the probability of hitting one of these by accident is less than 2^-75, or less than 1 in 10^22. It's far more likely we'll be hit by a major asteroid strike and civilization will end.