SALT and HASH using pbkdf2

Question

I am using the following methods to create a salted and hashed password from the crypto lib in nodejs:

crypto.randomBytes(size, [callback])
crypto.pbkdf2(passwor         


        

Answer 1

Fernando is mostly correct, but beware that #3 is mis-sourced. The recommended salt length is 64 bits, not bytes.

Using 64 bytes for the derived key is acceptable, but would be overkill for the salt alone.