What is a good way of storing hashed passwords for easy reading/manupulation during tests

Question

I have a C# application and a database. In this database I'm storing hashed passwords and I'm wondering what the best way of doing this is?

My options appear to be either varbinary(160). The advantage of this is that binary data is a direct representation of what is inside. The disadvantage is that it's not that easy to change (trying to change the field in the database manager manually results in complaints that ntext != varbinary). Another option is to store it as string but that results in the inclusion of some very weird characters and I'm worried that it might end up containing some dangerous control characters, is this a risk? What is a good datatype?

Answer 1

I will suggest to use binary datatype for storing hashed passwords.

You can use binary instead of varbinary because the hash function will always return the same number of bytes for the same type of hash (e.g. MD5, SHA1, etc.). This will cut down on the (slight) overhead required to manage a variable length binary (varbinary) column.

Answer 2

My suggestion would be to base64 encode it and store it in a CHAR or VARCHAR field. The value will be fairly compact (28 bytes for SHA-1) and easy to manipulate.

If a slightly larger data size is no objection, hex encoding would be a valid alternative (40 bytes for SHA-1).