Reputation: 9874
should I store passwords in database table using base64 encoding?
I am using PBKDF2 encryption to hash password with salt. should I store hashed password and salt in database after applying base64 encoding?
If I do use the encoding, then the password length becomes 88 from 64, which requires more storage than when I am not using it.
What are advantages and disadvantages for using the encoding?
should I apply it to salts too?
Upvotes: 0
Views: 2352
Answers (1)
Reputation: 74750
From the security side, there is no difference between storing pure bytes, and storing a Base64-encoding of them.
If you store pure bytes, make sure you select the right datatype (e.g. a binary one, not a character one) for your column. If you store base64, you can use a character column with US-ASCII encoding.
Base64 has the advantage that a human can more easily look at the data and see if it is the same as some other, but this is about it - you could easily do the encoding after querying the data, too.
Upvotes: 3
Related Questions
- Storing Passwords on MySQL database: Hash vs Encryption?
- Should encrypted data base64 encoded to store it in a database?
- Storing passwords safely in a database
- Is it a good practice to save a base64 string on the Database?
- Best way to store a base64 encoded value in MySQL DB?
- Should I Use Base64 or Unicode for Storing Hashes & Salts?
- storing hashed passwords - base64, or hex string, or something else?
- Do I need base64 encode my salt (for hashing passwords)?
- Storing encrypted password and salt or only storing encrypted password?
- Best way to store hashed passwords and salt values in the database - varchar or binary?