npm:@phc/pbkdf2 | Skypack
You need to enable JavaScript to run this app.
Usage no npm install needed!
<script type="module">
import phcPbkdf2 from 'https://cdn.skypack.dev/@phc/pbkdf2';
</script>
lt;salt>lt;hash>
Where:
Field
Type
Description
<digest>
string
The HMAC digest algorithm applied to derive a key of the input password.
<iterations>
number
The number of iterations desired. The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete.
<salt>
string
A sequence of bits, known as a cryptographic salt encoded in B64 .
<hash>
string
The computed derived key by the pbkdf2 algorithm encoded in B64 .
For more details consult the pbkdf2 paper here .
Install
npm install --save @phc/pbkdf2
Usage
const pbkdf2 = require('@phc/pbkdf2');
// Hash and verify with pbkdf2 and default configs
const hash = await pbkdf2.hash('password');
// => $pbkdf2-sha512$i=10000$O484sW7giRw+nt5WVnp15w$jEUMVZ9adB+63ko/8Dr9oB1jWdndpVVQ65xRlT+tA1GTKcJ7BWlTjdaiILzZAhIPEtgTImKvbgnu8TS/ZrjKgA
const match = await pbkdf2.verify(hash, 'password');
// => true
const match = await pbkdf2.verify(hash, 'wrong');
// => false
const ids = pbkdf2.identifiers();
// => ['pbkdf2-sha1', 'pbkdf2-sha256', 'pbkdf2-sha512']
Benchmarks
Below you can find usage statistics of this hashing algorithm with different
options.
This should help you understand how the different options affects the running
time and memory usage of the algorithm.
Usage reports are generated thanks to sympact .
System Report ↴
Distro Release Platform Arch
-------- ------- -------- ----
Mac OS X 10.12.6 darwin x64
CPU Brand Clock Cores
------ -------------- -------- -----
Intel® Core™ i5-6360U 2.00 GHz 4
Memory Type Size Clock
---------------------- ------ ----------- --------
Micron Technology Inc. LPDDR3 4294.967 MB 1867 MHz
Micron Technology Inc. LPDDR3 4294.967 MB 1867 MHz
Default options - {iterations:25000, digest:'sha512'} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
0.90 % ± 0.00 % 0.90 % … 0.90 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
22.069 MB ± 0.504 MB 21.357 MB … 22.434 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.045 s 0.098 s 3 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- ----
0.030 s 0.90 % 21.357 MB 5268
0.081 s 0.90 % 22.417 MB 5268
0.098 s 0.90 % 22.434 MB 5268
1˙000 iterations - {iterations:1000, digest:'sha512'} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
1.70 % ± 1.00 % 0.70 % … 2.70 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
23.601 MB ± 0.561 MB 23.040 MB … 24.162 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.010 s 0.06 s 2 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.028 s 0.70 % 23.040 MB 96698
0.060 s 2.70 % 24.162 MB 96698
10˙000 iterations - {iterations:10000, digest:'sha512'} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
0.50 % ± 0.00 % 0.50 % … 0.50 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
23.562 MB ± 0.543 MB 23.020 MB … 24.105 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.021 s 0.069 s 2 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.027 s 0.50 % 23.020 MB 96709
0.069 s 0.50 % 24.105 MB 96709
25˙000 iterations - {iterations:25000, digest:'sha512'} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
0.90 % ± 0.00 % 0.90 % … 0.90 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
23.966 MB ± 0.516 MB 23.237 MB … 24.330 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.043 s 0.093 s 3 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.027 s 0.90 % 23.237 MB 96720
0.078 s 0.90 % 24.330 MB 96720
0.093 s 0.90 % 24.330 MB 96720
50˙000 iterations - {iterations:50000, digest:'sha512'} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
0.90 % ± 0.00 % 0.90 % … 0.90 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
24.047 MB ± 0.451 MB 23.265 MB … 24.314 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.072 s 0.126 s 4 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.027 s 0.90 % 23.265 MB 96733
0.075 s 0.90 % 24.293 MB 96733
0.108 s 0.90 % 24.314 MB 96733
0.126 s 0.90 % 24.314 MB 96733
100˙000 iterations - {iterations:100000, digest:'sha512'} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
15.65 % ± 17.27 % 0.70 % … 40.00 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
24.246 MB ± 0.389 MB 23.376 MB … 24.437 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.142 s 0.192 s 6 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.028 s 0.70 % 23.376 MB 96748
0.079 s 4.40 % 24.416 MB 96748
0.111 s 4.40 % 24.416 MB 96748
0.142 s 4.40 % 24.416 MB 96748
0.168 s 40.00 % 24.416 MB 96748
0.192 s 40.00 % 24.437 MB 96748
250˙000 iterations - {iterations:250000, digest:'sha512'} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
38.83 % ± 23.16 % 0.60 % … 68.10 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
24.286 MB ± 0.304 MB 23.192 MB … 24.388 MB
Execution time Sampling time Samples
-------------- ------------- ----------
0.368 s 0.42 s 14 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.028 s 0.60 % 23.192 MB 96767
0.075 s 0.60 % 24.367 MB 96767
0.105 s 20.90 % 24.367 MB 96767
0.136 s 20.90 % 24.367 MB 96767
0.166 s 20.90 % 24.367 MB 96767
0.197 s 20.90 % 24.367 MB 96767
0.229 s 50.90 % 24.367 MB 96767
0.262 s 50.90 % 24.367 MB 96767
0.289 s 50.90 % 24.367 MB 96767
0.319 s 50.90 % 24.367 MB 96767
0.346 s 50.90 % 24.367 MB 96767
0.378 s 68.10 % 24.367 MB 96767
0.404 s 68.10 % 24.388 MB 96767
0.420 s 68.10 % 24.388 MB 96767
500˙000 iterations - {iterations:500000, digest:'sha512'} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
61.37 % ± 28.77 % 0.70 % … 91.30 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
24.189 MB ± 0.225 MB 23.044 MB … 24.252 MB
Execution time Sampling time Samples
-------------- ------------- ----------
0.748 s 0.798 s 27 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.027 s 0.70 % 23.044 MB 96802
0.077 s 13.60 % 24.232 MB 96802
0.107 s 13.60 % 24.232 MB 96802
0.139 s 13.60 % 24.232 MB 96802
0.169 s 13.60 % 24.232 MB 96802
0.198 s 45.10 % 24.232 MB 96802
0.229 s 45.10 % 24.232 MB 96802
0.262 s 45.10 % 24.232 MB 96802
0.289 s 45.10 % 24.232 MB 96802
0.313 s 45.10 % 24.232 MB 96802
0.343 s 65.20 % 24.232 MB 96802
0.373 s 65.20 % 24.232 MB 96802
0.404 s 65.20 % 24.232 MB 96802
0.431 s 65.20 % 24.232 MB 96802
0.462 s 78.20 % 24.232 MB 96802
0.491 s 78.20 % 24.232 MB 96802
0.518 s 78.20 % 24.232 MB 96802
0.547 s 78.20 % 24.232 MB 96802
0.578 s 86.60 % 24.232 MB 96802
0.609 s 86.60 % 24.232 MB 96802
0.639 s 86.60 % 24.232 MB 96802
0.668 s 86.60 % 24.232 MB 96802
0.701 s 91.30 % 24.232 MB 96802
0.727 s 91.30 % 24.232 MB 96802
0.756 s 91.30 % 24.232 MB 96802
0.787 s 91.30 % 24.252 MB 96802
0.798 s 91.30 % 24.252 MB 96802
Test vectors
The pbkdf2 paper lists five test vectors to test implementation.
This package implements them here .
API
TOC
hash(password, [options]) ⇒ Promise.<string>
Computes the hash string of the given password in the PHC format using Node's
built-in crypto.randomBytes() and crypto.pbkdf2().
verify(phcstr, password) ⇒ Promise.<boolean>
Determines whether or not the hash stored inside the PHC formatted string
matches the hash generated for the password provided.
identifiers() ⇒ Array.<string>
Gets the list of all identifiers supported by this hashing function.
hash(password, [options]) ⇒ Promise.<string>
Computes the hash string of the given password in the PHC format using Node's
built-in crypto.randomBytes() and crypto.pbkdf2().
Kind : global function
Returns : Promise.<string>
- The generated secure hash string in the PHC
format.
Access : public
Param
Type
Default
Description
password
string
The password to hash.
[options]
Object
Optional configurations related to the hashing function.
[options.iterations]
number
25000
Optional number of iterations to use. Must be an integer within the range (1
<= iterations
<= 2^32-1
).
[options.saltSize]
number
16
Optional number of bytes to use when autogenerating new salts. Must be an integer within the range (1
<= saltSize
<= 2^10-1
).
[options.digest]
string
"sha512"
Optinal name of digest to use when applying the key derivation function. Can be one of ['sha1'
, 'sha256'
, 'sha512'
].
verify(phcstr, password) ⇒ Promise.<boolean>
Determines whether or not the hash stored inside the PHC formatted string
matches the hash generated for the password provided.
Kind : global function
Returns : Promise.<boolean>
- A boolean that is true if the hash computed
for the password matches.
Access : public
Param
Type
Description
phcstr
string
Secure hash string generated from this package.
password
string
User's password input.
identifiers() ⇒ Array.<string>
Gets the list of all identifiers supported by this hashing function.
Kind : global function
Returns : Array.<string>
- A list of identifiers supported by this
hashing function.
Access : public
Related
@phc/argon2 -
🔒 Node.JS Argon2 password hashing algorithm following the PHC string format.
@phc/scrypt -
🔒 Node.JS scrypt password hashing algorithm following the PHC string format.
@phc/bcrypt -
🔒 Node.JS bcrypt password hashing algorithm following the PHC string format.
Contributing
Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE report it .
Authors
See also the list of contributors who participated in this project.
License
This project is licensed under the MIT License - see the license file for details.
Details
Updated
July 16, 2018
Created
March 29, 2018
Package Security
ES Module Entrypoint
Info
Export Map
Info
added
Keywords
added
License
added
README
added
Repository URL
TypeScript Types
Info
License
MIT
Dependencies
3