While making my first major project, I have encountered a problem. I need to store passwords in a database. I know about hashing using bcrypt and salting, but I don't know how to properly store them in the database (what type of data to use). Should I use BINARY, BLOB or VARCHAR? After hashing I have both the password hash and the salt as bytes. I'm using MariaDB as the database.

StNicolay
  • I usually use PostgreSQL as a database, but MariaDB is not bad as well. I think you should store it as a simple VARCHAR, because I think hashing with bcrypt does all the stuff for you; I mean, a password hashed with bcrypt is already safe – Abdusamad Abdullakhanov Oct 13 '22 at 15:59
  • @AbdusamadAbdullakhanov I don't worry about safety in this case, I just don't know whether the hash or salt can contain non-Unicode characters – StNicolay Oct 13 '22 at 18:41
  • 1) BINARY types can safely contain any byte value. However, you probably want to use VARBINARY instead, because BINARY is padded with 0x00 bytes. 2) BLOB types have a 40 byte overhead per row, because they allow a row to have more data. 3) If you convert your bytes value to hex, you can safely keep that in a VARCHAR. Python has a library method to do this. [link](https://docs.python.org/3/library/binascii.html#binascii.b2a_hex) For example, Django does it this way. – Nick ODell Oct 13 '22 at 19:19

1 Answer

According to the bcrypt Wikipedia page, the output length is 59 or 60 depending on the cost. The output is in radix-64 with $ as separators.

Like Nick ODell said in the comments, VARBINARY(60) keeps the simple format easily. A VARCHAR(60) is also an OK choice with ascii or latin1 as a character set.

Due to the variable length, a VARCHAR(60) corresponds to the maximum length, without worrying about handling whether the cost is 1 byte or 2.

danblack
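An added example, not part of the original answer: a pre-INSERT check that a bcrypt string is pure ASCII, fits the 60-byte column, and already carries its salt, so one `VARBINARY(60)` or `VARCHAR(60)` column is enough. The names `parse_bcrypt`, `column_value`, the `users` table and the `SAMPLE` value are hypothetical and constructed for illustration; the cost is matched as one or two digits so both lengths mentioned in the answer pass.

```python
import re

# Hypothetical schema following the answer: one column, no separate salt column.
DDL = """CREATE TABLE users (
  id INT AUTO_INCREMENT PRIMARY KEY,
  password_hash VARBINARY(60) NOT NULL
)"""

MAX_LEN = 60  # VARBINARY(60) / VARCHAR(60) from the answer

# bcrypt uses its own radix-64 alphabet: "./", A-Z, a-z, 0-9 (all ASCII).
_B64 = rb"[./A-Za-z0-9]"
# Layout: $<version>$<cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(
    rb"\$(2[abxy]?)\$(\d{1,2})\$(" + _B64 + rb"{22})(" + _B64 + rb"{31})"
)

# Constructed sample in the right shape; NOT a real hash of any password.
SAMPLE = b"$2b$12$" + b"abcdefghijklmnopqrstuv" + b"ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"


def parse_bcrypt(stored: bytes) -> dict:
    """Validate a bcrypt string and split it into version, cost, salt, digest."""
    if len(stored) > MAX_LEN:
        raise ValueError("value would not fit the 60-byte column")
    # fullmatch rejects trailing newlines and any byte outside the alphabet
    m = _BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt modular-crypt string")
    version, cost, salt, digest = m.groups()
    return {
        "version": version.decode("ascii"),
        "cost": int(cost),
        "salt": salt.decode("ascii"),      # the salt travels inside the string
        "digest": digest.decode("ascii"),
    }


def column_value(stored: bytes, column_type: str = "VARBINARY"):
    """Return the value to bind as the query parameter for the chosen column type."""
    parse_bcrypt(stored)  # raises ValueError on malformed input
    if column_type == "VARBINARY":
        return stored                      # bytes go in unchanged
    if column_type == "VARCHAR":
        return stored.decode("ascii")      # safe: alphabet is ASCII-only
    raise ValueError("unsupported column type")
```

Raw digest or salt bytes (rather than the encoded string) fail this check; those would need `VARBINARY` or the hex encoding described in the comments.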