This library provides the functionality of PBKDF2 with the ability to use any supported hashing algorithm returned from crypto.getHashes()
The pbkdf2 npm package is a library that implements the password-based key derivation function 2 (PBKDF2). It is used to securely derive a cryptographic key from a password. This package is a pure JavaScript implementation and can be used in Node.js applications.
Deriving a key from a password
This code sample demonstrates how to use the pbkdf2 package to derive a cryptographic key from a password. It uses a random salt, a specified number of iterations, a key length, and a digest algorithm.

```javascript
const crypto = require('crypto');
const pbkdf2 = require('pbkdf2');

const password = 'secret';
// A fresh random salt per password; it must be stored with the derived key so
// the same key can be re-derived later for verification.
const salt = crypto.randomBytes(16).toString('hex');
const iterations = 100000; // work factor: raise over time as hardware gets faster
const keylen = 64;         // length of the derived key in bytes
const digest = 'sha512';   // any algorithm listed by crypto.getHashes()

pbkdf2.pbkdf2(password, salt, iterations, keylen, digest, (err, derivedKey) => {
  if (err) throw err;
  console.log(derivedKey.toString('hex')); // '3745e48...aa39b34'
});
```
bcrypt is a popular npm package used for hashing passwords. It is based on the Blowfish cipher and includes a salt to protect against rainbow table attacks. Unlike pbkdf2, bcrypt has its own built-in salt generation and a simpler API for hashing and comparing passwords.
argon2 is another npm package that provides password hashing. It is the winner of the Password Hashing Competition and is recommended for new applications over pbkdf2 and bcrypt. Argon2 has better resistance to GPU cracking attacks and offers multiple variants for different use cases.
scrypt is a password-based key derivation function that is designed to be far more secure against hardware brute-force attacks than alternative functions such as pbkdf2. It is also available as an npm package and is used for secure password hashing by requiring more memory to perform the hash.
```javascript
const pbkdf2 = require('pbkdf2')
// Derive a 32-byte key with PBKDF2-HMAC-SHA512 (1 iteration here only for illustration;
// real deployments use a much higher count)
const derivedKey = pbkdf2.pbkdf2Sync('password', 'salt', 1, 32, 'sha512')
```
...
For more information on the API, please see the relevant Node documentation.
For high performance, use the async variant (pbkdf2.pbkdf2), not pbkdf2.pbkdf2Sync; the async variant has the opportunity to use window.crypto.subtle when browserified.
This module is a derivative of cryptocoinjs/pbkdf2-sha256, so thanks to JP Richardson for laying the groundwork.
Thank you to FangDun Cai for donating the package name on npm; if you're looking for his previous module, it is located at fundon/pbkdf2.
FAQs
The npm package pbkdf2 receives a total of 0 weekly downloads. As such, pbkdf2 popularity was classified as not popular.
We found that pbkdf2 demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.