pbkdf2's Introduction

pbkdf2

This library provides the functionality of PBKDF2 with the ability to use any supported hashing algorithm returned from crypto.getHashes()

Usage

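var pbkdf2 = require('pbkdf2')
// Arguments: password, salt, iterations, key length in bytes, digest name.
// A single iteration keeps the example short; real password hashing uses a much higher count.
var derivedKey = pbkdf2.pbkdf2Sync('password', 'salt', 1, 32, 'sha512')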

...

For more information on the API, please see the relevant Node documentation.

For high performance, use the async variant (pbkdf2.pbkdf2), not pbkdf2.pbkdf2Sync; the async variant has the opportunity to use window.crypto.subtle when browserified.

Credits

This module is a derivative of cryptocoinjs/pbkdf2-sha256, so thanks to JP Richardson for laying the groundwork.

Thank you to FangDun Cai for donating the package name on npm; if you're looking for his previous module, it is located at fundon/pbkdf2.

pbkdf2's People

Contributors

bre7, calvinmetcalf, chaeron, dcousens, dominykas, fanatid, timonegk, tniessen, webmaster128

pbkdf2's Issues

deoptimization

I've been benchmarking and the new version is consistently slower than the old version, so need to look into it

Node pbkdf2 defaults to `ascii` encoding?

Is this intentional or a bug? It's burning me as the browserify code [now] defaults to utf8 for strings because it encodes it as a Buffer straight away. Whereas the node seems to be defaulting string inputs to ascii encoding.

This therefore gives completely different results to what is expected... sigh.

See ea1ddaf for tests.

@calvinmetcalf do you know if this is meant to be the case? Node bug?

Issues after 3.0.11 update

I have the following section of code in my program, which was working before the update:

var crypto = require('crypto')
/* istanbul ignore next */
if (crypto.pbkdf2Sync.toString().indexOf('keylen, digest') === -1) {
  throw new Error('Unsupported crypto version')
}

After updating 3.0.11, pbkdf2Sync is undefined and so my code is failing. Any information on why this may be happening would be greatly appreciated.

In the Electron application, when I start nodeIntegration, the program shows default-encoding.js?9f9d:10 Uncaught TypeError: Cannot read property 'split' of undefined

var defaultEncoding
/* istanbul ignore next */
if (global.process && global.process.browser) {
  defaultEncoding = 'utf-8'
} else if (global.process && global.process.version) {
  console.log('process.version', process.version) // undefined
  console.log('global.process.version', global.process.version) // v12.18.3

  // This line needs to be modified to "global.process.version"
  // var pVersionMajor = parseInt(process.version.split('.')[0].slice(1), 10)

  // like this
  var pVersionMajor = parseInt(global.process.version.split('.')[0].slice(1), 10)

  defaultEncoding = pVersionMajor >= 6 ? 'utf-8' : 'binary'
} else {
  defaultEncoding = 'utf-8'
}
module.exports = defaultEncoding

Increase testing coverage

As of https://travis-ci.org/crypto-browserify/pbkdf2/jobs/159199947

------------------|----------|----------|----------|----------|----------------|
File              |  % Stmts | % Branch |  % Funcs |  % Lines |Uncovered Lines |
------------------|----------|----------|----------|----------|----------------|
 pbkdf2/          |      100 |    96.55 |      100 |      100 |                |
  browser.js      |      100 |    94.44 |      100 |      100 |                |
  index.js        |      100 |      100 |      100 |      100 |                |
  precondition.js |      100 |      100 |      100 |      100 |                |
------------------|----------|----------|----------|----------|----------------|
All files         |      100 |    96.55 |      100 |      100 |                |
------------------|----------|----------|----------|----------|----------------|

The browser.js coverage isn't 100%.
We should fix that.

Browser truncation results different

node 6

mnemonicメートルガバヴァぱばぐゞちぢ十人十色

bW5lbW9uaWPjg6Hjg7zjg4jjg6vjgqvjgpnjg4/jgpnjgqbjgpnjgqHjga/jgprjga/jgpnjgY/jgpnjgp3jgpnjgaHjgaHjgpnljYHkurrljYHoibI=

browser

mnemonicメートルガ�゙ヴァ�゚�゙�゙�゙��゙�人�色 

bW5lbW9uaWPDo8aSwqHDo8aSwrzDo8aSy4bDo8aSwqvDo+KAmsKrw6PigJrihKLDo8aSwo/Do+KAmuKEosOj4oCawqbDo+KAmuKEosOj4oCawqHDo8KBwq/Do+KAmsWhw6PCgcKvw6PigJrihKLDo8KBwo/Do+KAmuKEosOj4oCawp3Do+KAmuKEosOjwoHCocOjwoHCocOj4oCa4oSiw6XCjcKBw6TCusK6w6XCjcKBw6jigLDCsg==
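The mismatch reported in "Node pbkdf2 defaults to `ascii` encoding?" and in this issue comes down to which bytes a string password becomes before it reaches the HMAC. The following is an added example, not code from the pbkdf2 project; the password, salt and helper names are constructed for illustration, and it uses Node's built-in crypto module.

```javascript
const nodeCrypto = require('crypto')

// Constructed sample inputs (not taken from the issues above).
const PASSWORD = 'pässwörd十人十色'
const SALT = Buffer.from('salt', 'utf8')

// Derive a key from an explicit byte sequence, so no default encoding is involved.
function deriveHex (passwordBytes) {
  return nodeCrypto.pbkdf2Sync(passwordBytes, SALT, 1000, 32, 'sha512').toString('hex')
}

// Derive the same string under each encoding a platform might pick by default.
function compareEncodings (password) {
  const out = {}
  for (const enc of ['utf8', 'latin1', 'ascii']) {
    out[enc] = deriveHex(Buffer.from(password, enc))
  }
  return out
}

// Hypothetical helper: fix both the Unicode normalisation form and the
// encoding before deriving, so Node and browser builds agree on the bytes.
function deriveFromString (password) {
  return deriveHex(Buffer.from(password.normalize('NFKD'), 'utf8'))
}

const byEncoding = compareEncodings(PASSWORD)
console.log('utf8   ', byEncoding.utf8)
console.log('latin1 ', byEncoding.latin1)
console.log('same key for composed and decomposed input:',
  deriveFromString('\u30AC') === deriveFromString('\u30AB\u3099'))
```

ASCII-only passwords hide the problem because every encoding yields the same bytes; the keys diverge only once a non-ASCII character appears.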

Incompatibility with rn-nodeify

When I run my postinstall script, in a previous version of pbkdf2 (3.0.8), rn-nodeify replaces the "process.version" with the current version of node
MicrosoftTeams-image (2)
In the current version, rn-nodeify breaks the code
MicrosoftTeams-image (3)

Ownership

@dcousens can you either publish version 3.0.0 or give me permission to? publicEncrypt and browserify-sign are waiting on this to be modularized

Issue in pbkdf2/lib/default-encoding.js

In the last release there's an issue in pbkdf2/lib/default-encoding.js, on line 5:

else if (global.process && global.process.version) { //code }

Instead of global.process.version, the exact version is typed, like global."v18.6.0". This causes a problem on the npm install command. Kindly fix this issue. Thank you!

Ability to use browser's native implementation

With the Web Cryptography API becoming a W3C Recommendation as of 26th of January of 2017, we could safely implement pbkdf2 natively for some browsers (i.e. Chrome and Firefox). I know we are browserifying crypto here, but maybe we could fallback to the native methods if implemented.

Would you be interested in having such a fallback in this repo? It's pretty popular and other people seem to use it a lot in the browser. Here's how I implemented it for github.com/jjperezaguinaga/deniable.website.

const pbkdf2Native = (password, salt, iterations, digest, mode, keylen) =>
    (window.crypto.subtle||window.crypto.webkitSubtle).importKey('raw', password, {name: 'PBKDF2'}, false, ['deriveKey'])
        .then(baseKey => (window.crypto.subtle||window.crypto.webkitSubtle).deriveKey({name: 'PBKDF2', salt, iterations, hash: digest}, baseKey, {'name': mode, 'length': keylen*8}, true, ['encrypt', 'decrypt']))
        .then(key => (window.crypto.subtle||window.crypto.webkitSubtle).exportKey('raw', key))

I can make a PR to detect window and leverage on it based on the options given, since it seems the API has some limitations (e.g. keylen for mode has to be either 128 or 256 bits, see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey). You can see how lesspass is using it alongside this repository for a reference of what we could do.

👋 @jprichardson!

node: pbkdf2-compat dropped compatibility for custom algorithm 3.0.0

3.0.0 was published without support for a custom hash algorithm in node.
As such, the de facto example (and main reason for this library before it was used in browserify) is now broken in Node 0.10.

var compat = require('pbkd2f-compat')
var derivedKey = compat.pbkdf2Sync('password', 'salt', 1, 32, 'sha512') // currently SHA1!!!

We need to merge #5 ASAP, and probably unpublish 3.0.0.

In 9.0.0, sha1 is not defaulted

The existing API assumes that it does default to sha1, and hence throws:

TypeError [ERR_INVALID_ARG_TYPE]: The "digest" argument must be one of type string or null

In tests

The value "NaN" is invalid for option "size"

calvinmetcalf/crypto-pouch#75 - using that package, I got an error, investigated, and found that for some reason the digest argument on the other side becomes fully capitalized, which in turn makes the package fail to get the size of the corresponding digest in the sync-browser.js file:

  var ipad = Buffer.allocUnsafe(blocksize + sizes[alg])
  var opad = Buffer.allocUnsafe(blocksize + sizes[alg])

as alg === 'SHA-256', sizes['SHA-256'] is undefined, so result sum is NaN.

Make microtime a devDependency again

Placing it in the optionalDependencies (8423738) makes it get installed for consumers of this library, which shouldn't be required.

Is there another reason?

Thanks for the amazing work on this library.

Issue with microtime on windows after 3.0.11

After the update to 3.0.11, microtime has appeared in package.json. It breaks npm install on Windows with the error

C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V140\Platforms\x64\PlatformToolsets\v140\Toolset.targets(36,5): error MSB8036: The Windows SDK version 8.1 was not found. Install the required version of Windows SDK or change the SDK version in the project property pages or by right-clicking the solution and selecting "Retarget solution". [c:\Work\Afisha8 \Afisha17BE\node_modules\microtime\build\microtime.vcxproj]

Is it possible to make this package a dev dependency, like @pirelenito said in #63?

different results on MacOSX and Debian

given the program:

var pbkdf2 = require('pbkdf2');
console.log(pbkdf2.hashSync('password', 'salt', 10000, 32, 'sha256'));

on my mac I get:

$ uname -a
Darwin Jamess-Mac-mini 14.3.0 Darwin Kernel Version 14.3.0: Mon Mar 23 11:59:05 PDT 2015; root:xnu-2782.20.48~5/RELEASE_X86_64 x86_64
$ cat node_modules/pbkdf2/package.json | grep version
  "version": "0.0.5",
$ node testhash.js 
5ec02b91a4b59c6f59dd5fbe4ca649ec

and on my linux machine

uname -a
Linux brooks 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u2 x86_64 GNU/Linux
$ cat node_modules/pbkdf2/package.json | grep version
  "version": "0.0.5",
$ node testhash.js 
a2c2646186828474b754591a547c18f1

I would expect these hashes to be the same.

Name

The name should be pbkdf2 instead of pbkd2f on npm.

Performance worse than sjcl lib

@dcousens asked for a ticket ;)

performance on various engines is a lot worse compared to the 'sjcl' package.
see benchmarking test repo: https://github.com/rubensayshi/pbkdf2-benchmark

the most significant one is when using the old UIWebView on IOS (currently still the default for cordova apps without using a 3rd party plugin to upgrade to WKWebView) where it's close to a 10x difference.
but for the future WKWebView will not become the default to use in cordova 4.0.0+.

for chrome (on all platforms) there's also a significant difference between the 2 libs.

for w/e reason firefox sjcl is actually slower ... but (my) firefox is scrap xD

How to improve the performance

I'm using a library called bip39 that uses this function:

function mnemonicToSeed (mnemonic, password) {
  var mnemonicBuffer = Buffer.from(unorm.nfkd(mnemonic), 'utf8')
  var saltBuffer = Buffer.from(salt(unorm.nfkd(password)), 'utf8')

  return pbkdf2(mnemonicBuffer, saltBuffer, 2048, 64, 'sha512')
}

(See source code)

However, pbkdf2 is taking about 1500 ms to finish on my computer and browser. (and I have a new and fast laptop)

Is there any way this function could be improved to increase the performance?

The biggest problem is that it blocks the entire JS thread and thus freezes my web-app's UI completely. The user can't even scroll.

I was also wondering if it's maybe possible to split the work between multiple event loop cycles?
Or have an effect that's similar to "time slicing" as explained by Evan You of VueJS here in this presentation: https://youtu.be/8Hgt9HYaCDA?t=1995

But I'm not an expert on the subject so pardon me if I'm saying things that don't make sense. 😀

Related thread: bitcoinjs/bip39#99

Allow using this library with Uint8Array

Would it be possible to accept not only Buffer and string for password/salt but also Uint8Array?

All my crypto code uses Uint8Array for both browser and nodejs and it would be cool to be able to use the JS standard type directly.

pbkdf2 failing on some development environments

The current dependency on pbkdf2 v3.1.1 causes some development environments to error due to a check on the process object. This has been resolved in version v3.1.2

Suggest up'reving pbkdf2 dependency to v3.1.2.

Browser field no longer points to browser.js

Which results in the following error when we try to run our tests:

  TypeError: undefined is not an object (evaluating 'crypto.pbkdf2Sync.toString')
  at webpack:///~/pbkdf2/index.js:3:0 <- tests.webpack.js:130564

PR incoming...

process.version in browser.js

On line 3 of browser.js:
parseInt(process.version.split('.')[0].slice(1), 10)
the process global variable doesn't exist in browsers, so this throws an error and breaks at this point.

version change from 3.0.7 to 3.1.0

Hello, sorry to bother you. My framework is React. I found that the version was 3.0.7, and it worked well with npm run build, but today the version is 3.1.0 and I can't npm run build successfully. I want to know how to fix it.
Also, pbkdf2 is not in my package.json. Thank you very much.

Uncaught TypeError: Cannot read property 'split' of undefined in browser.js line 22 prevails

Using v.3.0.9, I still encounter the Uncaught TypeError: Cannot read property 'split' of undefined error in browser.js, line 22.

├─ [email protected]
│  └─ create-hmac@^1.1.2

I am using the pbkdf2 library with webpack without browserify.

A workaround is to import var process = require('process') at the top of the browser.js file.

Do you have ideas how we could get a proper solution for this issue?

different results in 0.10 and iojs

password: test
salt (in hex format): 7b970da6a2fddaba
iterations: 1000
length: 64
algo: sha512

gives me

e6d98ba1993f1e721dab924cec8ca8e7af4b40035553da88aec486131afc0f88ff40a29467911fb58c042ede9701551f0b4b06b4207b2a831d90783aab3095da

in 0.10

but in iojs

7c89cceaea1811b0aeaf23587fadb4b80580d9b26c7e7489ec56f9f0a84c1b612c788ddfb4a86dee8e5be70d4742b84ff3e818e3b83aa68d21db5b4d9f70dc8e

Ripemd160 throws when used

/lib/sync-browser.js:51
  h.copy(this.opad, this.blocksize)
    ^

TypeError: Cannot read property 'copy' of undefined

I don't think this path is under test at all.

Tests failing for Node 6

Looks to be an issue with Buffers and utf8/binary again.
Did something change in Node 6 that is going to make us incompatible?

@feross any ideas?

Hash generated with v3.0.4 isn't the same as with v3.0.5 because of node 0.10

In 3.0.4 pbkdf2 generates a hash correctly with the digest parameter sha256.
With 3.0.5 pbkdf2 generates a hash silently ignoring 'sha256' and uses sha1 instead.

  • Tape tests don't pass with node 0.10.
  • Does pbkdf2 not support node 0.10 anymore?
  • If this is the case can we add { "engines" : { "node" : ">=0.12" } } in package.json
  • This is an important change not being represented in version number :-( ~3.0.4 in my package.json

works on browser?

Does this library work with es6 imports?

const key = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16];
const output = pbkdf2.pbkdf2Sync(normalisedMasterPassword, key, 100000, 32, 'sha256');

Screenshot from 2019-06-21 15-23-50

I am getting error as in screenshot

DoS with long password

If you enter a long password it will take significantly longer. This runs in O(pwLen * rounds) time instead of in O(pwLen + rounds) time.

Ideally you'd want to do a cached HMAC for a 2x speed increase (on normal sized passwords):

var cachedCtx = createHmac(digest, password)

...

-var T = createHmac(digest, password).update(block1).digest()
+var T = "cachedCtx.clone()".update(block1).digest()
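Review bot: on the added line, "cachedCtx.clone()" is a string literal, so calling .update(block1) on it fails at runtime as written. The line needs a real copy of the keyed context, and cachedCtx has to be created once, before the block loop, or the key is still re-processed for every block.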

...

-U = createHmac(digest, password).update(U).digest()
+U = "cachedCtx.clone()".update(U).digest()
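Review bot: in the iteration line, each pass must start from a fresh copy of cachedCtx, and cachedCtx itself must never receive update() or digest(); otherwise the second U is computed over leftover state from the first. Worth stating next to the cachedCtx declaration that it is read-only after construction.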

There are some problems with the "create-hmac" package and once those are fixed cached HMAC will be the best way to go. See browserify/createHmac#27. Also I do not know the proper way to clone an object in Node.js. Thus the quotes around cachedCtx.clone().
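One way to get the cached-HMAC behaviour described in this issue is to absorb the key pads into two hash states once and copy those states for every HMAC call. This is an added example, not code from the pbkdf2 or create-hmac projects; it assumes Node 13.1 or later for hash.copy(), and the function names and block-size table are illustrative.

```javascript
const nodeCrypto = require('crypto')

// HMAC block sizes in bytes for the digests this sketch supports.
const BLOCK_SIZE = { sha1: 64, sha256: 64, sha512: 128 }

// Process the key exactly once: a long password is hashed here and never again.
function hmacStates (digest, key) {
  const blockSize = BLOCK_SIZE[digest]
  if (!blockSize) throw new Error('unsupported digest: ' + digest)
  if (key.length > blockSize) key = nodeCrypto.createHash(digest).update(key).digest()
  const ipad = Buffer.alloc(blockSize, 0x36)
  const opad = Buffer.alloc(blockSize, 0x5c)
  for (let i = 0; i < key.length; i++) {
    ipad[i] ^= key[i]
    opad[i] ^= key[i]
  }
  return {
    inner: nodeCrypto.createHash(digest).update(ipad),
    outer: nodeCrypto.createHash(digest).update(opad)
  }
}

// One HMAC evaluation from copies of the cached states; the originals stay untouched.
function hmacFromStates (states, data) {
  const innerDigest = states.inner.copy().update(data).digest()
  return states.outer.copy().update(innerDigest).digest()
}

function pbkdf2Cached (password, salt, iterations, keylen, digest) {
  const states = hmacStates(digest, Buffer.from(password))
  const blocks = []
  let produced = 0
  for (let blockIndex = 1; produced < keylen; blockIndex++) {
    const index = Buffer.alloc(4)
    index.writeUInt32BE(blockIndex, 0)
    let u = hmacFromStates(states, Buffer.concat([Buffer.from(salt), index]))
    const t = Buffer.from(u)
    for (let i = 1; i < iterations; i++) {
      u = hmacFromStates(states, u)
      for (let j = 0; j < t.length; j++) t[j] ^= u[j]
    }
    blocks.push(t)
    produced += t.length
  }
  return Buffer.concat(blocks).subarray(0, keylen)
}
```

With this structure the password length is paid once in hmacStates, so the per-iteration cost no longer depends on it.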

Different result between nodejs and php

I have different results processing the same data in php. It should be the same.

Php code:

var_dump(bin2hex($key));
var_dump(bin2hex($result));
$d_key = hash_pbkdf2('sha1',$key,$result,64000,32,true);
var_dump(bin2hex($d_key));

Nodejs code:

var pbkdf2 = require('pbkdf2');
console.log(Buffer.from(key));
console.log(Buffer.from(salt));
var result = pbkdf2.pbkdf2Sync(Buffer.from(key), Buffer.from(salt), 64000, 32, 'sha256');
console.log(result);

Php result:

string(64) "3132333435363738393031323334353637383930313233343536373839303132"
string(64) "6162636465663132333461626364656631323334616263646566313233343132"
string(64) "bbcc7e635af5bdb6d5532c92524e776779ffb6d979848d6416e0a05089998cc4"

Nodejs result:

<Buffer 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32>
<Buffer 61 62 63 64 65 66 31 32 33 34 61 62 63 64 65 66 31 32 33 34 61 62 63 64 65 66 31 32 33 34 31 32>
<Buffer ea 5b 2b 27 d2 4a 16 ef b8 35 e0 ae be 82 ec a1 fe 20 37 8d f1 09 bc a6 2e 5d 8f 43 cc b2 50 01>

My fault. Sorry, sha1

3.0.6 upgrade completely broke some old code..

3.0.6 got auto-updated via the following path:

│ ├─┬ [email protected]
│ │ ├─┬ [email protected]
│ │ │ ├── [email protected]

https://github.com/crypto-browserify/pbkdf2/blob/master/browser.js#L3 this line caused the problem with process.version undefined. (cannot access split of undefined)

Just FYI, had to handle an emergency operations was not immediately evident what's going on as it's pretty deep in dependencies..
