The Node Crypto pbkdf2 method
This is a post on the pbkdf2 method of the Node crypto module in nodejs. pbkdf2 stands for Password-Based Key Derivation Function 2, and it is a method that can be used to create a key that is then used with another node crypto module method such as createCipheriv.
1 - pbkdf2 in a nutshell
Even a basic example of pbkdf2 requires all of the arguments, unless the call is wrapped. The first argument is the password, followed by a salt value. Next is an iterations value that should be at least 10000 or so; I say that because there is no clear standard for this value, but the higher the number, the more secure the resulting key will be. The next argument is the byte length of the key, and then the desired hash (digest) to use. Finally there is a callback that receives an error object as its first argument if something goes wrong, and the resulting key as its second argument if all goes well.
2 - The salt value
The salt value is a way to provide an additional input on top of the password so that a different key results for the same password. This makes sense because one of the typical use cases for this method is hashing a database of passwords. In the event that one hash is cracked, all instances of the same password are not necessarily compromised, provided that a unique salt is used each time a password is hashed.
There is still the concern of storing the salt, and of doing so in the same database as the hashed passwords. Still, the use of salts helps to slow the process down and makes things more complicated for an attacker.
The salt value should be unique for each password, even when the password is the same, as in the above example. In a real project the salt could be randomly generated, or it could just be the user name of the account, for example. As with passwords, the longer the better, since all of this is about buying time when it comes to brute force attacks.
3 - iterations
The iterations argument is a number that reflects the amount of computational work to perform to produce the key. Generally speaking, the bigger the number, the longer it will take to generate the key, but the result will be a stronger key that is harder to crack. A good starting point today might be around five thousand, but you might want to set it as high as one hundred thousand.