What's the Best Data Type and Length for Storing Hashed Passwords?

The Best Data Type and Length for Hashed Passwords

In database design, selecting the appropriate data type for storing hashed passwords is crucial. Hash functions, which are one-way mathematical functions, produce fixed-length output regardless of the input length. Therefore, the choice of data type depends on the specific hashing algorithm used.

Recommended Hashing Algorithm and Data Type

For modern password protection, it's strongly recommended to use key-strengthening hash algorithms like Bcrypt or Argon2i. These algorithms incorporate salts and other techniques to enhance security against brute-force attacks.

In PHP, for instance, you can utilize the password_hash() function, which employs Bcrypt by default. The result is a 60-character string, which can be stored in a CHAR(60) data type.

$hash = password_hash("password", PASSWORD_DEFAULT);

Other Hash Algorithms and Corresponding Data Types

While key-strengthening hash algorithms are optimal for password storage, other hash functions still find application in various contexts. Here are some commonly used algorithms and their corresponding data types:

• MD5 (128-bit): CHAR(32) or BINARY(16)
• SHA-1 (160-bit): CHAR(40) or BINARY(20)
• SHA-256 (256-bit): CHAR(64) or BINARY(32)

Additional Considerations

The choice of data type also depends on the database system being used and any potential space constraints. Binary data types typically consume less storage space compared to character data types, but compatibility with UNHEX() and other string manipulation functions varies across databases.

The above is the detailed content of What's the Best Data Type and Length for Storing Hashed Passwords?. For more information, please follow other related articles on the PHP Chinese website!