crypto.pbkdf2Sync(password, salt, iterations, keylen, digest)

版本历史
版本变更
v14.0.0

The iterations parameter is now restricted to positive values. Earlier releases treated other values as one.

v6.0.0

Calling this function without passing the digest parameter is deprecated now and will emit a warning.

v6.0.0

The default encoding for password if it is a string changed from binary to utf8.

v0.9.3

新增于: v0.9.3

提供一个同步的基于密码的密钥派生函数2(PBKDF2)实现。通过指定的 digest HMAC 摘要算法,从 passwordsaltiterations 派生所需字节长度(keylen)的密钥。

【Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the password, salt and iterations.】

如果发生错误,将抛出 Error,否则派生的密钥将作为 Buffer 返回。

【If an error occurs an Error will be thrown, otherwise the derived key will be returned as a Buffer.】

iterations 参数必须是尽可能高的数字。迭代次数越多,派生的密钥就越安全,但完成所需的时间也会更长。

【The iterations argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete.】

salt 应尽可能唯一。建议盐值是随机的,并且至少为 16 字节长。详情请参阅 NIST SP 800-132

【The salt should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See NIST SP 800-132 for details.】

在传递 passwordsalt 字符串时,请考虑 将字符串用作加密 API 输入时的注意事项

【When passing strings for password or salt, please consider caveats when using strings as inputs to cryptographic APIs.】

const {
  pbkdf2Sync,
} = await import('node:crypto');

const key = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
console.log(key.toString('hex'));  // '3745e48...08d59ae'const {
  pbkdf2Sync,
} = require('node:crypto');

const key = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
console.log(key.toString('hex'));  // '3745e48...08d59ae'

可以使用 crypto.getHashes() 检索受支持的摘要函数数组。

【An array of supported digest functions can be retrieved using crypto.getHashes().】