doc: Adding best practises for crypto.pbkdf2

Added some information around usages of how to use iterations, how to
choose decent salts and updating the example to have a significant
work factor and to use sha512.

PR-URL: #3290
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>

Author: tomgco

doc/api/crypto.markdown

@@ -620,9 +620,16 @@ Asynchronous PBKDF2 function.  Applies the selected HMAC digest function
 salt and number of iterations.  The callback gets two arguments:
 `(err, derivedKey)`.
 
+The number of iterations passed to pbkdf2 should be as high as possible, the
+higher the number, the more secure it will be, but will take a longer amount of
+time to complete.
+
+Chosen salts should also be unique. It is recommended that the salts are random
+and their length is greater than 16 bytes. See [NIST SP 800-132] for details.
+
 Example:
 
-    crypto.pbkdf2('secret', 'salt', 4096, 64, 'sha256', function(err, key) {
+    crypto.pbkdf2('secret', 'salt', 100000, 512, 'sha512', function(err, key) {
       if (err)
         throw err;
       console.log(key.toString('hex'));  // 'c5e478d...1469e50'
@@ -789,6 +796,7 @@ See the reference for other recommendations and details.
 [RFC 3526]: http://www.rfc-editor.org/rfc/rfc3526.txt
 [crypto.pbkdf2]: #crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback
 [EVP_BytesToKey]: https://www.openssl.org/docs/crypto/EVP_BytesToKey.html
+[NIST SP 800-132]: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
 [NIST SP 800-131A]: http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
 [initialization vector]: http://en.wikipedia.org/wiki/Initialization_vector
 [Caveats]: #crypto_caveats