Password-Based Key Derivation Function 2 (PBKDF2)
A JavaScript implementation (version 1.5)

Parvez Anandam

It is often necessary to derive an encryption key from a password. Passwords are easy for humans to remember whereas keys are needed in encryption schemes. A standard mechanism for performing a key derivation is given in RFC 2898.

With the rise of AJAX, more powerful browser software is the norm. In the near future, it is likely that JavaScript-based encryption will find broad use. A JavaScript implementation of the password-based key derivation function 2 (PBKDF2) from RFC 2898 is presented here for use in such applications. The source code is available under the BSD license. It makes use of the excellent SHA-1 JavaScript library by Paul Johnston.

Thanks to Felix Gartsman for pointing out a serious bug in version 1.0
Thanks to Thijs Van der Schaeghe for pointing out a bug in version 1.1
Thanks to Richard Gautier for asking to clarify dependencies in version 1.2
Updated contact information from version 1.3
Thanks to Stuart Heinrich for pointing out updates to PAJ's SHA-1 library in version 1.4
Current version: 1.5

Download the source code.

Demo of the PBKDF2 JavaScript implementation:

Password:
Salt:
Number of iterations:
Number of bytes for Key: