files/en-us/web/api/pbkdf2params/index.md
{{ APIRef("Web Crypto API") }}
The Pbkdf2Params dictionary of the Web Crypto API represents the object that should be passed as the algorithm parameter into {{domxref("SubtleCrypto.deriveKey()")}}, when using the PBKDF2 algorithm.
name
PBKDF2.hash
: A string or an object containing a single property called name with a string value. It is an identifier for the digest algorithm to use. This should be one of the following:
SHA-256: selects the SHA-256 algorithm.SHA-384: selects the SHA-384 algorithm.SHA-512: selects the SHA-512 algorithm.[!WARNING]
SHA-1is considered vulnerable in most cryptographic applications, but is still considered safe in PBKDF2. However, it's advisable to transition away from it everywhere, so unless you need to useSHA-1, don't. Use a different digest algorithm instead.
salt
deriveKey(), salt does not need to be kept secret.iterations
Number representing the number of times the hash function will be executed in deriveKey(). This determines how computationally expensive (that is, slow) the deriveKey() operation will be. In this context, slow is good, since it makes it more expensive for an attacker to run a {{Glossary("dictionary attack")}} against the keys. The general guidance here is to use as many iterations as possible, subject to keeping an acceptable level of performance for your application.See the examples for {{domxref("SubtleCrypto.deriveKey()")}}.
{{Specifications}}
Browsers that support the "PBKDF2" algorithm for the {{domxref("SubtleCrypto.deriveKey()")}} method will support this type.