Sunday, 15 April 2012

node.js - SALT and HASH using pbkdf2


I am using the following methods from the crypto module in node.js to create salted and hashed passwords: crypto.randomBytes and crypto.pbkdf2(password, salt, iterations, keylen, callback)

For the randomBytes call (to create the SALT), what size should I use? I've heard 128-bit salt, maybe 256-bit. It seems that this function takes a size in bytes, so can I consider 32 (256 bits) a large enough size?

For the PBKDF2 call, what is a good number of iterations, and what is a good key length (keylen) for the key?

In addition to that, I've seen examples that store the salt, key length, iterations and derived key in the same column. I am using an example which stores the 4 values separated by ::, i.e.:

salt :: derivedKey :: keyLength :: iterations

By doing this, I get 4 values I can split on ::, so I can generate a derived key from the password provided and see whether it matches. Is this the right way to store them? Or should the combination of these values be somewhat more "confusing"?

1. Random bytes size:

The salt length should be the same as the output of your hash function, so for sha256 you should use at least 32 bytes. Node.js crypto's pbkdf2 uses SHA1, therefore 20 bytes should be the minimum. However, you should use at least 64 bits (8 bytes), as stated in #3 (source).

2. Number of PBKDF2 iterations:

See the linked discussion. I took from it that, without performance concerns, the 10.000 range is enough, but this is hardware/performance dependent.

3. PBKDF2 key length:

See the linked answer about the key length. The parameter again depends on the hashing function, SHA-1 in your case, so 20 bytes is the correct value. Since a salt of at least 64 bits is recommended, it makes no sense to generate a key smaller than your input, so use at least 8 bytes. Do not use an output length of more than 20, because it does not provide any additional protection, but doubles the computation for each additional 20 bytes.

4. How to store the variables:

All the links given above discuss this specifically (especially the last one): the salt should be saved together with the password (but never reused), usually by prepending it to the resulting string (salt:hash), or in a separate database column.

As far as the other variables are concerned, their secrecy is not important to security (as stated above), so you can safely put them anywhere. Your way of doing it is OK, but you are saving additional information. It is enough to save only "algorithm:iterations:salt:hash", which in your case is "salt::derivedKey::iterations".
