PHP: What maximum length to set a password field in a database?


Solution 1

SHA512 actually returns a string of length 128. So the short answer is, your field only needs to be 128 characters.

Solution 2

SHA512 outputs 512 bits, or 64 bytes. You can store those 64 bytes in a binary column, which are represented by 128 hexadecimal numbers...

Hence you need size 128.

For the remaining, see here

Solution 3

Just a demonstration to see the length of the hashed password

$password = 'password';
$salt = 'salt';

$hash = hash('sha512', $salt.$password);

echo strlen($hash); // OUTPUTS 128

Solution 4

This depends on the length of the string that the hash algorithm you're using produces. The comment posted here shows that the length of the string produced by the sha512 algorithm you've chosen is 128 characters in length. Therefore, your field should be 128 characters. It can be more, but it's unnecessary. Making it less would trim the password down and thereby make your hashed passwords "invalid".
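
As an added example (not part of any of the answers above), this PHP script compares the hex and raw-binary forms of the SHA-512 digest and shows what happens to verification when the stored value is cut short. The `storeInColumn()` and `verify()` helpers and the 100-character width are hypothetical, chosen for illustration; the password and salt are constructed sample values.

```php
<?php
// Added example: constructed inputs and hypothetical helpers, not code from the page.
$password = 'password';
$salt     = 'salt';

// Hex encoding: 128 ASCII characters, fits CHAR(128).
$hex = hash('sha512', $salt . $password);
// Raw encoding (third argument true): 64 bytes, fits BINARY(64).
$raw = hash('sha512', $salt . $password, true);

printf("hex length: %d\n", strlen($hex));
printf("raw length: %d\n", strlen($raw));
printf("same digest in both encodings: %s\n",
    var_export(bin2hex($raw) === $hex, true));

// Hypothetical stand-in for a database column of fixed width: anything past
// $width is dropped, which is what a too-narrow column does when the
// database truncates instead of rejecting the insert.
function storeInColumn(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Recompute the salted hash for the candidate password and compare it with
// the stored value. hash_equals() compares in constant time and returns
// false when the two strings differ in length.
function verify(string $stored, string $salt, string $candidate): bool
{
    return hash_equals($stored, hash('sha512', $salt . $candidate));
}

$fullWidth = storeInColumn($hex, 128); // column as wide as the digest
$tooShort  = storeInColumn($hex, 100); // hypothetical VARCHAR(100)

printf("128-char column verifies the correct password: %s\n",
    var_export(verify($fullWidth, $salt, $password), true));
printf("100-char column verifies the correct password: %s\n",
    var_export(verify($tooShort, $salt, $password), true));

// Matching against the short column only works if the code truncates the
// recomputed hash the same way before comparing.
$recomputed = substr(hash('sha512', $salt . $password), 0, 100);
printf("100-char column with matching truncation in code: %s\n",
    var_export(hash_equals($tooShort, $recomputed), true));
```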

Author by

Andy Lobel

Updated on June 23, 2022

Comments

  • Andy Lobel
    Andy Lobel about 2 years

    when I hash my password using hash('sha512', $salt . $password);, should the maximum length in the password column in the database be 512 or does it matter if it gets chopped down? Or can it possibly be longer than 512? Thanks.

  • willoller
    willoller over 12 years
    A substring of a hash is still valid (since the substring action is part of the "complete" hash), but theoretically less secure. You just have to remember to substring in your code to get it to match the database!
  • Andy Lobel
    Andy Lobel over 12 years
    so it should be varchar(128)? ;p
  • afuzzyllama
    afuzzyllama over 12 years
    @Andy Lobel - bingo, unless you go with a binary column
  • Quoting Eddie
    Quoting Eddie about 8 years
    @AndyLobel Actually, if you know that it's gonna be exactly 128 chars, you can use CHAR(128).