Menu
I usually store it in hexadecimal number but realize I could save half of the space if I store it in binary inside MySQL. Are there any issues I should be aware of if I decide to store it in binary?
973
Password hashing add a layer of security. Hashing allows passwords to be stored in a format that can't be reversed at any reasonable amount of time or cost for a hacker. Hashing algorithms turn the plaintext password into an output of characters of a fixed length.
To protect passwords, experts suggest using a strong and slow hashing algorithm like Argon2 or Bcrypt, combined with salt (or even better, with salt and pepper). (Basically, avoid faster algorithms for this usage.) To verify file signatures and certificates, SHA-256 is among your best hashing algorithm choices.
Hashes are a sequence of bits (128 bits, 160 bits, 256 bits, etc., depending on the algorithm). Your column should be binary-typed, not text/character-typed, if MySQL allows it (SQL Server datatype is binary(n) or varbinary(n) ).
I would recommend a varchar. Now for size. NIST (in the U.S.) recommends sha-256 or higher. Since a hashing algorithm always produces a value of set length you will need 256 bits to store this sha-256 hashed password.
How many passwords are you expecting to store? Does half the space mean that much to you really?
You are probably representing the passwords in hexadecimal form in your application, so storing them in binary adds another layer of complexity and processing overhead when you perform any operations on those passwords.
My opinion is that you should store them in a way that is convenient for you to work with, rather than one that saves you tiny amounts of space.
Edit:
Going to make some assumptions and take the opportunity to help you a little further.
Since your passwords are in hex, I'm going to assume you're not using crypt, and if you're not, you should be. Worst case scenario, you're using md5... and god is killing kittens.
There's a lot of questions and answers about bcrypt on stack overflow already, so I'll not cover the information again here.
The question SHA512 vs. Blowfish and Bcrypt is a good place to start though.
Also have a read of a couple of @ircmaxell's blog posts on the subject:
101
From a usability standpoint, it's probably best to store the hash as a hexadecimal. Storing them in binary means one more step is required to compare a plain text input to the stored password. It also has the potential to add a layer of confusion to anyone who make work on your project after you've moved on. "Why is this password stored in binary?"
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
