
PBKDF2 Key Derivation Tester

Derive cryptographic keys from passwords with PBKDF2-HMAC. Tune iterations, salt, algorithm, and output length to test against your server-side settings or OWASP recommendations. All computation happens in your browser via the Web Crypto API.

Iteration presets: 10k, 100k, 310k (NIST), 600k (OWASP SHA-256), 210k (OWASP SHA-512)

Notes

PBKDF2 (RFC 2898 / PKCS #5 v2.1) repeats HMAC to stretch a password into a key. Modern guidance from OWASP (2023) recommends at least 600,000 iterations of PBKDF2-HMAC-SHA256 or 210,000 of PBKDF2-HMAC-SHA512. Higher is better if your server tolerates the latency. For new systems, prefer memory-hard KDFs like Argon2id or scrypt. Salts should be at least 16 random bytes and stored alongside the hash. Never reuse a salt across accounts.
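The storage advice in the notes above, as an added example that is not this tool's own code: it derives a key with the Web Crypto API, generates a fresh 16-byte salt per account, stores the salt and iteration count alongside the hash, and verifies by re-deriving with the stored parameters. The function names and the `$`-separated record format are assumptions made for illustration.

```javascript
// Added example (not the tool's code). Runs in a browser or in Node.js.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for Node < 19
const enc = new TextEncoder();
const toHex = (buf) =>
  [...new Uint8Array(buf)].map((b) => b.toString(16).padStart(2, "0")).join("");
const fromHex = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

// Raw PBKDF2-HMAC derivation: returns dkLen bytes as a Uint8Array.
async function pbkdf2(password, salt, iterations, hash = "SHA-256", dkLen = 32) {
  const key = await wc.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveBits"]);
  const bits = await wc.subtle.deriveBits(
    { name: "PBKDF2", salt, iterations, hash }, key, dkLen * 8);
  return new Uint8Array(bits);
}

// Build a storable record: algorithm, iterations, salt, derived key.
// The record layout is a constructed format for this example only.
async function hashPassword(password, iterations = 600000, hash = "SHA-256") {
  const salt = wc.getRandomValues(new Uint8Array(16)); // new random salt per account
  const dk = await pbkdf2(password, salt, iterations, hash);
  return `pbkdf2-${hash.toLowerCase()}$${iterations}$${toHex(salt)}$${toHex(dk)}`;
}

// Re-derive with the stored parameters and compare without an early exit,
// so the comparison time does not depend on where the first mismatch is.
async function verifyPassword(password, record) {
  const [alg, iter, saltHex, dkHex] = record.split("$");
  const hash = alg.replace("pbkdf2-", "").toUpperCase();
  const expected = fromHex(dkHex);
  const actual = await pbkdf2(
    password, fromHex(saltHex), Number(iter), hash, expected.length);
  let diff = actual.length ^ expected.length;
  for (let i = 0; i < expected.length; i++) diff |= actual[i] ^ expected[i];
  return diff === 0;
}
```

Because the iteration count and algorithm travel with each record, raising the work factor later only requires re-hashing a password the next time its owner logs in.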
