What's the Optimal SQL Data Type for Storing Hashed Passwords?

Optimal Data Type for Hashed Password Storage

When designing a database schema, it's important to consider the appropriate data type for storing hashed passwords. Since password hashing introduces variability in string length, determining the optimal storage method is crucial.

Key-Strengthening Hash Algorithms

For passwords, industry experts recommend using key-strengthening hash algorithms like Bcrypt or Argon2i. PHP's password_hash() function simplifies this process by using Bcrypt by default:

$hash = password_hash("rasmuslerdorf", PASSWORD_DEFAULT);

The resulting hash is a 60-character string:

y$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a

SQL Data Type

The SQL data type CHAR(60) is suitable for storing passwords hashed using Bcrypt.

Traditional Hashing Algorithms

While key-strengthening algorithms are preferred for passwords, other hashing functions still have applications. Depending on the algorithm used, the following SQL data types can be considered:

• MD5: CHAR(32) or BINARY(16)
• SHA-1: CHAR(40) or BINARY(20)
• SHA-224: CHAR(56) or BINARY(28)
• SHA-256: CHAR(64) or BINARY(32)
• SHA-384: CHAR(96) or BINARY(48)
• SHA-512: CHAR(128) or BINARY(64)
• BCrypt: Depends on implementation, may require CHAR(56), CHAR(60), or CHAR(76)

Note on Security

It's important to emphasize that simply using a hash function is insufficient for secure password storage. Key-strengthening algorithms are recommended to mitigate brute-force attacks.

The above is the detailed content of What's the Optimal SQL Data Type for Storing Hashed Passwords?. For more information, please follow other related articles on the PHP Chinese website!