Should I create the password column as a regular varchar and then insert like this:
sha1($pass_string)
Or should I do something extra upon the creation of the table to make sure that password field is secure?
Thanks!
MySQL stores credentials in the user table in the mysql system database.
The MySQL PASSWORD function is used for the generation of a hashed password using a plain-text password string It uses hashing techniques to generate the hashed password.
PASSWORD() function MySQL server uses this function to encrypt MySQL passwords for storage in the Password column of the user grant table. A string which is to be encrypted using PASSWORD function.
It's a normal varchar field (40 characters) but if you want to set it more secure you should use salt.
http://highedwebtech.com/2008/04/25/season-your-passwords-with-some-salt/
Update :
WARNING : Hash password without salt is REALLY WEAK ! You should never use it !!
Password salting is the good way for doing it : password salting
as adviced by pst :
using SHA-1 and salt is the more naive but quite well secure approach.
using bcrypt :
it's the more secure approach :) because it use speed in order to make it more secure, bfish is a hash function built around the encryption method blowfish. (Seems than twofish exists too and should be the "modern" version of blowfish).
It's a version using a chain of SHA-1 so it's a intermediate solution, but allowing to set speed to your needs. In fact speed make weaker your security.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With