• password {string|Buffer|TypedArray|DataView}
    • salt {string|Buffer|TypedArray|DataView}
    • iterations {number}
    • keylen {number}
    • digest {string}
    • Returns: {Buffer}

    Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the password, salt and iterations.

    If an error occurs an Error will be thrown, otherwise the derived key will be returned as a [Buffer][].

    If digest is null, 'sha1' will be used. This behavior is deprecated, please specify a digest explicitly.

    The iterations argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete.

    The salt should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See [NIST SP 800-132][] for details.

    1. const crypto = require('crypto');
    2. const key = crypto.pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
    3. console.log(key.toString('hex'));  // '3745e48...08d59ae'

    The crypto.DEFAULT_ENCODING property may be used to change the way the derivedKey is returned. This property, however, is deprecated and use should be avoided.

    1. const crypto = require('crypto');
    2. crypto.DEFAULT_ENCODING = 'hex';
    3. const key = crypto.pbkdf2Sync('secret', 'salt', 100000, 512, 'sha512');
    4. console.log(key);  // '3745e48...aa39b34'

    An array of supported digest functions can be retrieved using [crypto.getHashes()][].