It is often necessary to derive an encryption key from a password. Passwords are easy for humans to remember whereas keys are needed in encryption schemes. A standard mechanism for performing a key derivation is given in RFC 2898.
With the rise of AJAX, more powerful browser software is the norm. In the near future, it is likely that JavaScript-based encryption will find broad use. A JavaScript implementation of the password-based key derivation function 2 (PBKDF2) from RFC 2898 is presented here for use in such applications. The source code is available under the BSD license. It makes use of the excellent SHA-1 JavaScript library by Paul Johnston.
Thanks to Felix Gartsman, for pointing out a serious bug in version 1.0 of the code. Thanks to Thijs Van der Schaeghe, for pointing out a bug in version 1.1 of the code.
Download the source code.
Demo of the PBKDF2 JavaScript implementation: