I’m not really that familiar with this type of thing so I want some
outside comments on it.
Are you trying to learn, or do you just want something that works?
If the latter then…
cfPassphrase :: Sorcerer's Isle
The equivalent to what you posted, without the hassle of
casting/chars/etc…
<cfscript>
password = 'password';
secret = PassphraseHash( password , 'pbkdf2' , { iterations:10000 , SaltBytes:50 , HashBytes:256 } );
dump(secret);
</cfscript>
Except 10k iterations is the bare minimum you should use - more would
be better. (The default is 86k.)
Tuning Algorithm Params · boughtonp/cfpassphrase Wiki · GitHub
If you don’t want to install the extension, you can use the jar direct…
PassObj = createObject('java','sorcerersisle.cfpassphrase.Impl','cfpassphrase-v0.1.jar');
secret = PassObj.hash( password , 'pbkdf2' , { iterations:10000 , SaltBytes:50 , HashBytes:256 } );
And if you specifically need an array of bytes of just the hash (which
is what your code outputs), you can use:
secret = createObject('java','javax.xml.bind.DatatypeConverter').parseHexBinary( ListLast(secret,':') );
But that’s probably unnecessary; a hex string is likely more
convenient, and you should be storing the whole thing anyway (i.e.
including the iterations and salt).