Source: pbkdf2.js

  1. /** @fileOverview Password-based key-derivation function, version 2.0.
  2.  *
  3.  * @author Emily Stark
  4.  * @author Mike Hamburg
  5.  * @author Dan Boneh
  6.  */
  8. /** Password-Based Key-Derivation Function, version 2.0.
  9.  *
  10.  * Generate keys from passwords using PBKDF2-HMAC-SHA256.
  11.  *
  12.  * This is the method specified by RSA's PKCS #5 standard.
  13.  *
  14.  * @param {bitArray|String} password  The password.
  15.  * @param {bitArray|String} salt The salt.  Should have lots of entropy.
  16.  * @param {Number} [count=1000] The number of iterations.  Higher numbers make the function slower but more secure.
  17.  * @param {Number} [length] The length of the derived key.  Defaults to the
  18.                             output size of the hash function.
  19.  * @param {Object} [Prff=sjcl.misc.hmac] The pseudorandom function family.
  20.  * @return {bitArray} the derived key.
  21.  */
  22. sjcl.misc.pbkdf2 = function (password, salt, count, length, Prff) {
  23.   count = count || 10000;
  24.   
  25.   if (length < 0 || count < 0) {
  26.     throw new sjcl.exception.invalid("invalid params to pbkdf2");
  27.   }
  28.   
  29.   if (typeof password === "string") {
  30.     password = sjcl.codec.utf8String.toBits(password);
  31.   }
  32.   
  33.   if (typeof salt === "string") {
  34.     salt = sjcl.codec.utf8String.toBits(salt);
  35.   }
  36.   
  37.   Prff = Prff || sjcl.misc.hmac;
  38.   
  39.   var prf = new Prff(password),
  40.       u, ui, i, j, k, out = [], b = sjcl.bitArray;
  42.   for (k = 1; 32 * out.length < (length || 1); k++) {
  43.     u = ui = prf.encrypt(b.concat(salt,[k]));
  44.     
  45.     for (i=1; i<count; i++) {
  46.       ui = prf.encrypt(ui);
  47.       for (j=0; j<ui.length; j++) {
  48.         u[j] ^= ui[j];
  49.       }
  50.     }
  51.     
  52.     out = out.concat(u);
  53.   }
  55.   if (length) { out = b.clamp(out, length); }
  57.   return out;
  58. };