Pbkdf2Params
dictionary of the
Web 加密 API
represents the object that should be passed as the
algorithm
parameter into
SubtleCrypto.deriveKey()
, when using the
PBKDF2
算法。
名称
DOMString
. This should be set to
PBKDF2
.
hash
A
DOMString
表示
digest algorithm
to use. This may be one of:
SHA-1
SHA-256
SHA-384
SHA-512
警告
:
SHA-1
is considered vulnerable in most cryptographic applications, but is still considered safe in PBKDF2. However, it's advisable to transition away from it everywhere, so unless you need to use
SHA-1
, don't. Use a different digest algorithm instead.
salt
BufferSource
. This should be a random or pseudo-random value of at least 16 bytes. Unlike the input key material passed into
deriveKey()
,
salt
does not need to be kept secret.
iterations
Number
representing the number of times the hash function will be executed in
deriveKey()
. This determines how computationally expensive (that is, slow) the
deriveKey()
operation will be. In this context, slow is good, since it makes it more expensive for an attacker to run a
dictionary attack
against the keys. The general guidance here is to use as many iterations as possible, subject to keeping an acceptable level of performance for your application.
See the examples for
SubtleCrypto.deriveKey()
.
| 规范 | 状态 | 注释 |
|---|---|---|
|
Web Cryptography API
The definition of 'SubtleCrypto.Pbkdf2Params' in that specification. |
推荐 |
Browsers that support the "PBKDF2" algorithm for the
SubtleCrypto.deriveKey()
method will support this type.
Pbkdf2Params