Determining the Storage Requirements for Bcrypt Hashed Passwords
When storing hashed passwords in a database, selecting the appropriate data type and length is crucial. When Bcrypt is the hashing algorithm, the column has to hold the complete hash string and compare it exactly.
In the case of Bcrypt, the modular crypt format consists of:
Hence, the total length is typically 60 bytes. To accommodate this, it is recommended to use either CHAR(60) BINARY or BINARY(60) data types in MySQL.
CHAR vs. BINARY
The CHAR data type is not binary safe, meaning that equality does not solely depend on byte value but also on the collation. In contrast, the BINARY data type is binary safe and performs equality checks based on byte values.
Additional Considerations
It's important to note that passwords hashed with Bcrypt are always of the same length (60 characters when using $2a$ format). This ensures consistent data storage and facilitates secure comparison operations.
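The check below is an added example, not code from the original article: it splits a stored 60-byte bcrypt string into its version, two-digit cost, 22-character salt and 31-character digest, and contrasts byte-wise equality (what BINARY does) with a rough model of CHAR under a case-insensitive collation. The function names and the sample value are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# bcrypt uses its own case-sensitive base64 alphabet: "./A-Za-z0-9".
# Two-character version tags ($2a$, $2b$, $2x$, $2y$) give the 60-byte form.
BCRYPT_RE = re.compile(
    rb"\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

class BcryptFields(NamedTuple):
    version: str  # e.g. "2a"
    cost: int     # log2 of the number of key-expansion rounds
    salt: str     # 22 characters
    digest: str   # 31 characters

def parse_bcrypt(stored: bytes) -> BcryptFields:
    """Split a stored bcrypt string into its fields, or raise ValueError."""
    if len(stored) != 60:
        raise ValueError(f"expected 60 bytes, got {len(stored)}")
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt modular crypt string")
    version, cost, salt, digest = (g.decode("ascii") for g in m.groups())
    if not 4 <= int(cost) <= 31:
        raise ValueError(f"cost {cost} outside 04..31")
    return BcryptFields(version, int(cost), salt, digest)

def equal_bytewise(a: bytes, b: bytes) -> bool:
    """Equality as a BINARY(60) column sees it: byte values only."""
    return a == b

def equal_case_insensitive(a: bytes, b: bytes) -> bool:
    """Rough model (assumption) of CHAR(60) under a case-insensitive collation."""
    return a.lower() == b.lower()

# Constructed sample: correct layout, not the hash of any real password.
SAMPLE = b"$2a$12$" + b"abcdefghijklmnopqrstuu" + b"ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"

if __name__ == "__main__":
    print(parse_bcrypt(SAMPLE))
    # Same string with the digest lower-cased: a different hash value.
    other = SAMPLE[:29] + SAMPLE[29:].lower()
    print(equal_bytewise(SAMPLE, other), equal_case_insensitive(SAMPLE, other))
```

Two distinct hash strings that differ only in letter case compare as different byte-wise but as equal under the case-insensitive model, which is why the column should be binary safe.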