Pbkdf2Params
The Pbkdf2Params
dictionary of the Web Crypto API represents the object that should be passed as the algorithm
parameter into SubtleCrypto.deriveKey()
, when using the PBKDF2 algorithm.
Properties
name
-
A
DOMString
. This should be set toPBKDF2
. hash
-
A
DOMString
representing the digest algorithm to use. This may be one of:SHA-1
SHA-256
SHA-384
SHA-512
Warning:
SHA-1
is considered vulnerable in most cryptographic applications, but is still considered safe in PBKDF2. However, it's advisable to transition away from it everywhere, so unless you need to useSHA-1
, don't. Use a different digest algorithm instead. salt
-
A
BufferSource
. This should be a random or pseudo-random value of at least 16 bytes. Unlike the input key material passed intoderiveKey()
,salt
does not need to be kept secret. iterations
-
A
Number
representing the number of times the hash function will be executed inderiveKey()
. This determines how computationally expensive (that is, slow) thederiveKey()
operation will be. In this context, slow is good, since it makes it more expensive for an attacker to run a dictionary attack against the keys. The general guidance here is to use as many iterations as possible, subject to keeping an acceptable level of performance for your application.
Examples
See the examples for SubtleCrypto.deriveKey()
.
Specifications
Specification | Status | Comment |
---|---|---|
Web Cryptography API The definition of 'SubtleCrypto.Pbkdf2Params' in that specification. |
Recommendation |
Browser compatibility
Browsers that support the "PBKDF2" algorithm for the SubtleCrypto.deriveKey()
method will support this type.