Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Should I create the password column as a regular varchar and then insert like this:
sha1($pass_string)
Or should I do something extra upon the creation of the table to make sure that password field is secure?
Thanks!
It’s a normal varchar field (40 characters) but if you want to set it more secure you should use salt.
http://highedwebtech.com/2008/04/25/season-your-passwords-with-some-salt/
Update :
WARNING : Hash password without salt is REALLY WEAK ! You should never use it !!
Password salting is the good way for doing it :
password salting
as adviced by pst :
using SHA-1 and salt is the more naive but quite well secure approach.
using bcrypt :
it’s the more secure approach 🙂 because it use speed in order to make it more secure, bfish is a hash function built around the encryption method blowfish. (Seems than twofish exists too and should be the “modern” version of blowfish).
It’s a version using a chain of SHA-1 so it’s a intermediate solution, but allowing to set speed to your needs. In fact speed make weaker your security.