Reputation: 3416
PHP: What maximum length to set a password field in a database?
when I hash my password using hash('sha512', $salt . $password);, should the maximum length in the password column in the database be 512 or does it matter if it gets chopped down? Or can it possibly be longer than 512? Thanks.
Upvotes: 4
Views: 13316
Answers (4)
Reputation: 11254
SHA512 outputs 512 bits, or 64 bytes. You can store those 64 bytes in a binary column, which are represented by 128 hexadecimal numbers...
Hense you need 128 size..
For remainig See here
Upvotes: 5
Reputation: 2125
This depends on the length of the string that the hash algorithm you're using produces. The comment posted here shows that the length of the string produced by the sha512 algorithm you've chosen is 128 characters in length. Therefore, your field should be 128 characters. It can be more, but it's unnecessary. Making it less would trim the password down and thereby make your hashed passwords "invalid".
Upvotes: 1
Reputation: 721
Just a demonstration to see the length of the hashed password
$password = 'password';
$salt = 'salt';
$hash = hash('sha512', $salt.$password);
echo strlen($hash); // OUTPUTS 128
Upvotes: 1
Reputation: 6548
SHA512 actually returns a string of 128 length. So the short answer is, your field only needs to be 128 characters.
Upvotes: 14
Related Questions
- The maximum number of characters of the md5 input
- Maximum length of generated hash when using password_hash?
- What data type to use for hashed password field and what length?
- PHP password_hash() password_verify() maximum password length?
- Validating the length of a hashed password (registration) php
- Is there a maximum input length when using PHP bcrypt (via Laravel's Hash::make)?
- Hash value lengths
- PHP: Is there any practical limit to the length of the input string for MD5 hashing?
- How long should my password salt be, and is SHA-256 good enough?
- Limiting characters of password