0

While making my first major project, I have encountered a problem. I need to store passwords in a database. I know about hashing using bcrypt and salting, but I don't know how to properly store them in the database (what type of data to use). Should I use BINARY, BLOB or VARCHAR? After hashing I have both the password hash and the salt as bytes. I'm using MariaDB as the database.

3
  • I usually use PostgreSQL as a database, but MariaDB is not bad as well. I think you should store it as a simple varchar, because I think hashing with bcrypt does all the stuff for you; I mean, a password hashed with bcrypt is already safe. Commented Oct 13, 2022 at 15:59
  • @AbdusamadAbdullakhanov I don't worry about safety in this case, I just don't know whether the hash or salt can contain non-Unicode characters. Commented Oct 13, 2022 at 18:41
  • 1
    1) BINARY types can safely contain any byte value. However, you probably want to use VARBINARY instead, because BINARY is padded with 0x00 bytes. 2) BLOB types have a 40 byte overhead per row, because they allow a row to have more data. 3) If you convert your bytes value to hex, you can safely keep that in a VARCHAR. Python has a library method to do this. link For example, Django does it this way. Commented Oct 13, 2022 at 19:19

1 Answer

1

From the bcrypt Wikipedia page, the output is 59 or 60 depending on the cost. The output is in radix-64 with $ as separators.

Like Nick ODell said in the comments, VARBINARY(60) keeps the simple format easily. A VARCHAR(60) is also an OK choice with ascii or latin1 as a character set.

Due to the variable length, a VARCHAR(60) corresponds to the maximum length without worrying about handling if the cost is 1 byte or 2.
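
An added example, not part of the answer above or of any library: it parses the `$`-separated bcrypt string to show that every byte is printable ASCII (so it fits a VARCHAR(60) with an ascii or latin1 character set, or a VARBINARY(60)), and models the 0x00 padding of a fixed-width BINARY column mentioned in the comments. The function names are hypothetical, the sample values are constructed, and the padding model assumes the behaviour described in that comment.

```python
import re

# Layout: $<version>$<cost>$<22-char salt><31-char digest>, all printable ASCII.
# A one- or two-digit cost is accepted so both lengths the answer mentions fit.
BCRYPT_RE = re.compile(
    rb"\$(2[abxy]?)\$(\d{1,2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

# Constructed sample values: well-formed, but not the hash of any real password.
SALT = b"abcdefghijklmnopqrstuu"
DIGEST = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123."
SAMPLE_60 = b"$2b$12$" + SALT + DIGEST
SAMPLE_59 = b"$2b$9$" + SALT + DIGEST


def parse_bcrypt(value: bytes) -> dict:
    """Split a bcrypt string into its fields; raise ValueError if malformed."""
    match = BCRYPT_RE.fullmatch(value)
    if match is None:
        raise ValueError("not a well-formed bcrypt string")
    version, cost, salt, digest = (g.decode("ascii") for g in match.groups())
    return {"version": version, "cost": int(cost), "salt": salt, "digest": digest}


def to_varchar(value: bytes) -> str:
    """Value to bind to a VARCHAR(60) column with an ascii or latin1 charset."""
    parse_bcrypt(value)  # refuse to store anything that is not a bcrypt string
    return value.decode("ascii")


def binary_padded(value: bytes, width: int = 60) -> bytes:
    """Model of a fixed-width BINARY(width) column: right-padded with 0x00."""
    if len(value) > width:
        raise ValueError("value longer than column")
    return value.ljust(width, b"\x00")


def survives_storage(stored: bytes) -> bool:
    """True if the bytes read back still parse as a bcrypt string."""
    try:
        parse_bcrypt(stored)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_bcrypt(SAMPLE_60))
    print(survives_storage(binary_padded(SAMPLE_59)))  # padding byte breaks it
```

The salt is one of the parsed fields of the stored string, so a single column holds everything needed to verify a password later.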
