JavaScript performance comparison

Revision 28 of this test case created


PBKDF2 (hmacSHA1) for JavaScript

Compares the PBKDF2 methods of the Stanford Javascript Crypto Library with the ones from CryptoJS and Anandam.

Preparation code

<script src="http://anandam.name/pbkdf2/sha1.js">
<script src="http://anandam.name/pbkdf2/pbkdf2.js">
<script src="https://raw.githubusercontent.com/bitwiseshiftleft/sjcl/master/sjcl.js">
<script src="https://raw.github.com/bitwiseshiftleft/sjcl/master/core/sha1.js">
<script src="https://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/pbkdf2.js">
  var hmacSHA1 = function(key) {
      var hasher = new sjcl.misc.hmac(key, sjcl.hash.sha1);
      this.encrypt = function() {
        return hasher.encrypt.apply(hasher, arguments);

  // from http://stackoverflow.com/questions/3745666/

  function hex2a(hex) {
    var str = '';
    for (var i = 0; i < hex.length; i += 2)
    str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
    return str;

  var iterations = 500;
  var password = 'password';
  var hexSalt = '29EEE7AA9C0E9315';
  var keySizeBits = 256;
  var sjclSalt = sjcl.codec.hex.toBits(hexSalt);
  var cryptoSalt = CryptoJS.enc.Hex.parse(hexSalt);
  var anandamSalt = hex2a(hexSalt);

Preparation code output

Test runner

Warning! For accurate results, please disable Firebug before running the tests. (Why?)

Java applet disabled.

Testing in unknown unknown
Test Ops/sec
SJCL 1.0.1
sjcl.misc.pbkdf2(password, sjclSalt, iterations, keySizeBits, hmacSHA1);
CryptoJS 3.1.2
CryptoJS.PBKDF2(password, cryptoSalt, {
  keySize: keySizeBits / 32,
  iterations: iterations
Anandam 1.4
// async test
var pbkdf2 = new PBKDF2(password, anandamSalt, iterations, keySizeBits / 8);
pbkdf2.deriveKey(function() {}, function() {

Compare results of other browsers


You can edit these tests or add even more tests to this page by appending /edit to the URL. Here’s a list of current revisions for this page:


Comment form temporarily disabled.

Add a comment