What Data Type and Length Should I Use for Storing Hashed Passwords?

Data Type for Hashed Passwords and Optimum Length

Question: How to determine the appropriate data type and length for hashed passwords?

When implementing password hashing, it's crucial to choose a suitable data type and length for storing the hashed values. Typically, hash functions generate a result of a fixed length, but the length and representation vary based on the specific algorithm.

Answer: The selection of data type and length depends on the hashing algorithm employed:

• MD5: 128-bit hash; can be stored as CHAR(32) or BINARY(16).
• SHA-1: 160-bit hash; can be stored as CHAR(40) or BINARY(20).
• SHA-256: 256-bit hash; can be stored as CHAR(64) or BINARY(32).
• SHA-512: 512-bit hash; can be stored as CHAR(128) or BINARY(64).
• BCrypt: 448-bit hash; might require CHAR(56), CHAR(60), CHAR(76), BINARY(56), or BINARY(60).

Recommendation:

NIST suggests using SHA-256 or higher hash functions for interoperability applications. However, utilizing these hash functions solely is insufficient for secure password storage.

Therefore, it's recommended to employ key-strengthening hash algorithms like Bcrypt or Argon2i. For instance, PHP's password_hash() function uses Bcrypt by default, generating a 60-character hash. To accommodate this, consider using a CHAR(60) data type for storage.

The above is the detailed content of What Data Type and Length Should I Use for Storing Hashed Passwords?. For more information, please follow other related articles on the PHP Chinese website!