
How can I store a hash in a SQL Server database using C#?

I'm trying to make a website with a log on / log off feature and I plan on properly hashing and salting the password. The problem I'm facing, however, is how I'd go about storing the password in the database. I know that I need to store the hashed + salted password in the database (not in plain text or plain encrypted), but I don't know how to technically get around inserting the binary data into the database.

In my early attempts, the only way I could get the data in the database would be to have the binary data converted to a base64 string and inserted into the varchar password field, but something is telling me that's not the correct way to do it.

The password field in the database is currently a varchar but as I understand it, a hashed password is binary. So even if I changed the password field to a binary object, I still don't know how to actually insert it!

If I'm not making any sense please ask for clarification and I'll get back to you.

sum1quiet asked Feb 12 '12 21:02



1 Answer

In Microsoft SQL Server you can store binary data in columns having a binary data type (or varbinary if you need variable length data). You can use that for your hashed and salted passwords. If you use a 512 bit hash function and also want to use a 512 bit salt you need 2*512/8 = 128 bytes (e.g. binary(128)) to store salt and hash.

Normally whatever API you use to read and write the database should assist you in reading and writing binary data. However, perhaps you want to use some SQL to directly insert a binary value into a table. You can use syntax like this:

insert into MyTable values (0x123456789ABCDEF)

Not really an answer to your question, but if you struggle with implementing your own password feature you could consider using a prebuilt industrial strength component to avoid embarrassing errors in the future. ASP.NET has a membership provider for instance.

Martin Liversage answered Oct 11 '22 23:10
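Writing the byte array through the database API, as an added example that is not part of the original question or answer: a 512-bit salt and 512-bit hash are stored together in a binary(128) column by passing the byte[] as a typed SqlParameter, then read back for verification. The Users table, its column names, the choice of PBKDF2-HMAC-SHA512 as the salted hash and the iteration count are assumptions made for the example; it needs .NET 6 or later and an already open SqlConnection.

```csharp
// Added example. Hypothetical table:
//   CREATE TABLE Users (UserName nvarchar(64) PRIMARY KEY, PasswordHash binary(128) NOT NULL)
using System;
using System.Data;
using System.Security.Cryptography;
using Microsoft.Data.SqlClient;   // System.Data.SqlClient exposes the same types

public static class PasswordStore
{
    const int SaltBytes = 64, HashBytes = 64;   // 512-bit salt + 512-bit hash = 128 bytes
    const int Iterations = 210_000;             // assumed work factor, tune for your hardware

    // Returns salt || hash as one 128-byte array, ready for a binary(128) column.
    public static byte[] Create(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                                HashAlgorithmName.SHA512, HashBytes);
        byte[] blob = new byte[SaltBytes + HashBytes];
        salt.CopyTo(blob, 0);
        hash.CopyTo(blob, SaltBytes);
        return blob;
    }

    // The byte[] goes in as a typed parameter: no base64, no hex literal, no string concatenation.
    public static void Save(SqlConnection conn, string user, string password)
    {
        using var cmd = new SqlCommand(
            "INSERT INTO Users (UserName, PasswordHash) VALUES (@u, @h)", conn);
        cmd.Parameters.Add("@u", SqlDbType.NVarChar, 64).Value = user;
        cmd.Parameters.Add("@h", SqlDbType.Binary, SaltBytes + HashBytes).Value = Create(password);
        cmd.ExecuteNonQuery();
    }

    // Reads the blob back, re-derives the hash with the stored salt, compares in constant time.
    public static bool Verify(SqlConnection conn, string user, string password)
    {
        using var cmd = new SqlCommand(
            "SELECT PasswordHash FROM Users WHERE UserName = @u", conn);
        cmd.Parameters.Add("@u", SqlDbType.NVarChar, 64).Value = user;
        if (cmd.ExecuteScalar() is not byte[] blob || blob.Length != SaltBytes + HashBytes)
            return false;                        // unknown user or malformed row
        byte[] salt = blob.AsSpan(0, SaltBytes).ToArray();
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                                  HashAlgorithmName.SHA512, HashBytes);
        return CryptographicOperations.FixedTimeEquals(actual, blob.AsSpan(SaltBytes));
    }
}
```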