Port of the OpenBSD bcrypt_pbkdf function to pure Javascript. npm-ified version of Devi Mandiri’s port, with some minor performance improvements. The code is copied verbatim (and un-styled) from Devi’s work.

This product includes software developed by Niels Provos.


bcrypt_pbkdf.pbkdf(pass, passlen, salt, saltlen, key, keylen, rounds)

Derive a cryptographic key of arbitrary length from a given password and salt, using the OpenBSD bcrypt_pbkdf function. This is a combination of Blowfish and SHA-512.

See this article for further information.


bcrypt_pbkdf.hash(sha2pass, sha2salt, out)

Calculate a Blowfish hash, given SHA2-512 output of a password and salt. Used as part of the inner round function in the PBKDF.



This source form is a 1:1 port from the OpenBSD blowfish.c and bcrypt_pbkdf.c. As a result, it retains the original copyright and license. The two files are under slightly different (but compatible) licenses, and are here combined in one file. For each of the full license texts see LICENSE.