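// 1. Parameters and storage format

// Floor values from the acceptance criteria at the end of this listing.
// NOTE(review): 120000 is the floor this page specifies. Current OWASP guidance for
// PBKDF2-HMAC-SHA256 is higher (600,000 at the time of writing) — confirm against your policy.
const MIN_SALT_BYTES = 16
const MIN_ITERATIONS = 120000
const HASH_BYTES = 32

/**
 * Self-describing password record: everything needed to re-derive the hash is stored
 * next to it, except the pepper itself, which is referenced only by `pepperId`.
 * `hash` and `salt` are base64 strings.
 */
type HashMeta = { algo: 'pbkdf2'; hash: string; salt: string; iterations: number; pepperId?: string }

// 2. Hash generation and verification
import crypto from 'crypto'

/**
 * Returns `len` bytes from the CSPRNG for use as a per-password salt.
 *
 * @param len Salt length in bytes. Values below 16 are not rejected here, but
 *            `paramsStrong` treats the resulting record as weak.
 */
function genSalt(len = MIN_SALT_BYTES): Buffer {
  return crypto.randomBytes(len)
}

/**
 * Derives a 32-byte PBKDF2-HMAC-SHA256 key from the password.
 *
 * When a pepper is given it is appended to the UTF-8 password bytes before derivation.
 * `pbkdf2Sync` runs synchronously, so each call blocks the calling thread for the full
 * derivation; rate-limit the endpoints that reach this function.
 *
 * @throws Whatever `crypto.pbkdf2Sync` throws for invalid arguments.
 */
function pbkdf2Hash(password: string, salt: Buffer, iterations: number, pepper?: Buffer): Buffer {
  const passwordBytes = Buffer.from(password, 'utf8')
  const data = pepper ? Buffer.concat([passwordBytes, pepper]) : passwordBytes
  return crypto.pbkdf2Sync(data, salt, iterations, HASH_BYTES, 'sha256')
}

/**
 * Hashes a new password with a fresh random salt and returns the record to store.
 *
 * @param pepperId Identifier stored with the record so the matching pepper can be
 *                 selected at verification time. The pepper bytes are never stored.
 */
function createHash(password: string, iterations: number, pepperId?: string, pepper?: Buffer): HashMeta {
  const salt = genSalt()
  const h = pbkdf2Hash(password, salt, iterations, pepper)
  return { algo: 'pbkdf2', hash: h.toString('base64'), salt: salt.toString('base64'), iterations, pepperId }
}

/**
 * Checks a candidate password against a stored record.
 *
 * The comparison is constant-time: an early-exit string comparison (`===`) can leak how
 * many leading characters of the stored hash matched. The caller must pass the pepper
 * that `meta.pepperId` refers to; this function does not look it up.
 *
 * @returns `true` only when the re-derived hash equals `meta.hash` exactly.
 * @throws Whatever `pbkdf2Hash` throws, e.g. for an invalid stored `iterations`.
 */
function verifyHash(password: string, meta: HashMeta, pepper?: Buffer): boolean {
  // A record without a string hash can never match; avoid Buffer.from throwing on it.
  if (typeof meta.hash !== 'string') return false
  const salt = Buffer.from(meta.salt, 'base64')
  const derived = pbkdf2Hash(password, salt, meta.iterations, pepper)
  // Compare the base64 text forms so acceptance stays identical to exact string equality.
  const computed = Buffer.from(derived.toString('base64'), 'utf8')
  const stored = Buffer.from(meta.hash, 'utf8')
  // timingSafeEqual throws on unequal lengths. The length is not secret, so reject first.
  if (computed.length !== stored.length) return false
  return crypto.timingSafeEqual(computed, stored)
}

// 3. Parameter validation and rotation

/**
 * Reports whether a stored record meets every floor in the acceptance criteria:
 * iteration count, decoded salt length and decoded hash length.
 */
function paramsStrong(meta: HashMeta): boolean {
  return (
    meta.iterations >= MIN_ITERATIONS &&
    Buffer.from(meta.salt, 'base64').length >= MIN_SALT_BYTES &&
    Buffer.from(meta.hash, 'base64').length === HASH_BYTES
  )
}

/**
 * Returns `meta` unchanged when its parameters are strong. Otherwise returns a new
 * record for the same password at `preferredIterations`.
 *
 * This function does not check `password` against `meta`. Call it only after
 * `verifyHash` has succeeded for this login, otherwise a wrong password would
 * replace the stored credential.
 */
function rotateIfWeak(password: string, meta: HashMeta, preferredIterations: number, pepperId?: string, pepper?: Buffer): HashMeta {
  if (paramsStrong(meta)) return meta
  return createHash(password, preferredIterations, pepperId, pepper)
}

// 4. Storage and acceptance criteria

/** User row as persisted: the id plus the full password record. */
type UserRecord = { id: string; password: HashMeta }

/** Builds the record to persist. It performs no I/O and leaves persistence to the caller. */
function storeUser(id: string, meta: HashMeta): UserRecord {
  return { id, password: meta }
}

// Acceptance criteria:
// - Salt length >= 16 bytes; iterations >= 120000; hash length 32 bytes (SHA256).
// - Pepper identification and verification are supported; a record with weak parameters
//   is rotated to the preferred iteration count after login.
// - The stored record contains `algo/salt/hash/iterations/pepperId`; verification is
//   consistent and an audit record is written.
// NOTE(review): this listing contains no audit logging. It must be added at the call site.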
