In what type of field (mysql) should the password be stored after password

B

Barrakuda742018-04-22 20:22:01

MySQL

Barrakuda74, 2018-04-22 20:22:01

In what type of field (mysql) should the password be stored after password_hash?

Today, by default, password_hash encodes via bcrypt (suppose I want to leave it).
PHP warns that bcrypt may go up to 255 characters in the future.
MYSQL, in turn, recommends storing hashes in varbinary or blob.
So what is the optimal length for a varbinary field? As far as I understand, in the varbinary field 2 bytes are spent on specifying the field size. I come to the conclusion that the optimal value is 257. But google on "varbinary (257)" does not find anything at all on this topic, therefore, everyone uses some other value. So what is it?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

D3lphi, 2018-04-22
@Barrakuda74

It is not the length of the bcrypt hash that may change, but the default hashing algorithm (that is, PASSWORD_DEFAULT in new versions of PHP may mean algorithms other than bcrypt).
Hashes need to be stored in a blob field only if the generated hash is in a binary representation (this can be achieved by passing the value true to the hash() function as the last parameter). Bcrypt is represented in symbolic form.
Bottom line: to store bcrypt hashes, we use the VARCHAR (60) field, or better - CHAR (60) - since the string has a fixed length.

D

Daniel Sukhikh, 2018-04-22
@danchiksux

text)