pbkdf2
Advanced tools
Package description
The pbkdf2 npm package is a library that implements the password-based key derivation function 2 (PBKDF2). It is used to securely derive a cryptographic key from a password. This package is a pure JavaScript implementation and can be used in Node.js applications.
Deriving a key from a password
This code sample demonstrates how to use the pbkdf2 package to derive a cryptographic key from a password. It uses a random salt, a specified number of iterations, key length, and digest algorithm.
const crypto = require('crypto');
const pbkdf2 = require('pbkdf2');
const password = 'secret';
const salt = crypto.randomBytes(16).toString('hex');
const iterations = 100000;
const keylen = 64;
const digest = 'sha512';
pbkdf2.pbkdf2(password, salt, iterations, keylen, digest, (err, derivedKey) => {
if (err) throw err;
console.log(derivedKey.toString('hex')); // '3745e48...aa39b34'
});bcrypt is a popular npm package used for hashing passwords. It is based on the Blowfish cipher and includes a salt to protect against rainbow table attacks. Unlike pbkdf2, bcrypt has its own built-in salt generation and a simpler API for hashing and comparing passwords.
argon2 is another npm package that provides password hashing. It is the winner of the Password Hashing Competition and is recommended for new applications over pbkdf2 and bcrypt. Argon2 has better resistance to GPU cracking attacks and offers multiple variants for different use cases.
scrypt is a password-based key derivation function that is designed to be far more secure against hardware brute-force attacks than alternative functions such as pbkdf2. It is also available as an npm package and is used for secure password hashing by requiring more memory to perform the hash.
Readme
| Package | |
| Description | Hash password and compare with PBKDF2, use sha1, sha256, sha512, etc. |
| Node Version | >= 0.11.11 |
npm install pbkdf2
var pbkdf2 = require('pbkdf2');
var p = 'password';
var s = pbkdf2.generateSaltSync(32);
var pwd = pbkdf2.hashSync(p, s, 1, 20, 'sha256');
var bool = pbkdf2.compareSync(pwd, p, s, 1, 20, 'sha256');
hash(password, salt, iterations, keylen, algorithm, callback(password_hash))hashSync(password, salt, iterations, keylen, algorithm), return password_hashgenerateSalt(callback(salt), saltlen)generateSaltSync(saltlen), return saltcompare(password_hash, password, salt, iterations, keylen, algorithm, callback(bool))compareSync(password_hash, password, salt, iterations, keylen, algorithm), return bool
FAQs
This library provides the functionality of PBKDF2 with the ability to use any supported hashing algorithm returned from crypto.getHashes()
We found that pbkdf2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Python Software Foundation has secured a 5-year sponsorship from Fastly that supports PSF's activities and events, most notably the security and reliability of the Python Package Index (PyPI).
Security News
LDAPjs, an LDAP Client and Server API for Node.js, was decommissioned after its maintainer received an abusive email from a user, raising concerns about this form of abuse as a potential attack vector.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.