Reputation: 1740
Storing hashed password bytes instead of chars
My recent developments led me into the world of password storage security, hashing functions, ...
I've decided to store on the database the resulting byte array of my hashing function (in a BINARY type column), as well for the salt, since storing a hex string would take more space, I guess.
Are there any downsides to this practice? Especially on the security viewpoint.
+----+---------+--------------+--------------+---------------+------------+
| id | login | password | salt | name | lname |
+----+---------+--------------+--------------+---------------+------------+
| 1 | myadmin | 0x8B624d85B1 | 0x248f1706f0 | Administrador | do Sistema |
+----+---------+--------------+--------------+---------------+------------+
Upvotes: 0
Views: 871
Answers (1)
Reputation: 60498
I can't see any downside from a security perspective of storing the hash and salt as binary rather than strings. Ultimately all data is binary anyways.
I'd be more concerned about what hashing algorithm you are using. I don't see anywhere you are storing a difficulty factor, so I assume you aren't using BCrypt? If not, you might want to consider using that as it seems to be the gold standard at the moment for password hashing.
Upvotes: 3
Related Questions
- Should password hash be stored in binary or hexadecimal number?
- How to store passwords *correctly*?
- Password Hash Approach
- What is better? Password_hash vs. SHA256 vs. SHA1 vs. md5
- Should bcrypted passwords be stored as byte array or as string and why?
- Storing password hash - varchar vs varbinary
- storing hashed passwords - base64, or hex string, or something else?
- Hashed password - store as base 64 string in SQL server vs store as varBinary
- should I store passwords in database table using base64 encoding?
- Best way to store hashed passwords and salt values in the database - varchar or binary?