Skip to content
No description, website, or topics provided.
TypeScript
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.appveyor.yml
.travis.yml
LICENSE
README.md
mod.ts
test.ts
test_vectors.json

README.md

pbkdf2

Travis AppVeyor

Password-Based Key Derivation Function 2.

Usage

import { pbkdf2 } from "https://denopkg.com/chiefbiiko/pbkdf2/mod.ts";

console.log("PBKDF2 HMAC-SHA256 example", pbkdf2("sha256", "password", "salt"));

API

Prep: a generic representation of a keyed hash algorithm implementation.

export interface KeyedHash {
  hashSize: number;
  init(key: Uint8Array): KeyedHash;
  update(msg: Uint8Array, inputEncoding?: string): KeyedHash;
  digest(outputEncoding?: string): string | Uint8Array;
}

new PBKDF2(hmac: KeyedHash, rounds: number = 10000)

Creates a new PBKDF2 instance. hmac must be keyed hash conforming to above interface, fx hmac.

PBKDF2#derive(password: string | Uint8Array, salt: string | Uint8Array, length?: number, inputEncoding?: string, outputEncoding?: string): string | Uint8Array

Derives a key from given password and salt. The length parameter can be used to control the byte length of the derived key. It defaults to a half of the byte length of the given keyed hash's digest. inputEncoding can be either null, in which case the password and salt are treated as binary input, or one of "utf8", "hex", "base64". The same applies to outputEncoding.

pbkdf2(hash: string, password: string | Uint8Array, salt: string | Uint8Array, inputEncoding?: string, outputEncoding?: string, length?: number, rounds: number = 10000): string | Uint8Array

Convenience function for deriving a key from a password and salt. hash should be one of "sha1", "sha256", or "sha512", with the last two representing the respective SHA2 variants. The length parameter can be used to control the byte length of the derived key, whereas the rounds parameter controls the number of iterations. length defaults to a half of the byte length of the given keyed hash's digest. See above for possible values for the *encoding parameters.

Note

RFC 8018 recommends a salt length of at least 64 bits, whereas NIST recommends 128 bits. The rounds parameter of the constructor and the convenience function in this module defaults to 10000, indicating the number of derivation iterations. Check out the RFC for more security considerations with regard to the salt and iteration count.

License

MIT

You can’t perform that action at this time.