How to create tables with password fields in mysql?


Should I create the password column as a regular varchar and then insert like this:

sha1($pass_string)

Or should I do something extra upon the creation of the table to make sure that password field is secure?

Thanks!


Answers:


It's a normal varchar field (40 characters) but if you want to set it more secure you should use salt.

http://highedwebtech.com/2008/04/25/season-your-passwords-with-some-salt/

Update :

WARNING : Hash password without salt is REALLY WEAK ! You should never use it !!

Password salting is the good way for doing it : password salting

as adviced by pst :

  • using SHA-1 and salt is the more naive but quite well secure approach.

  • using bcrypt :

it's the more secure approach :) because it use speed in order to make it more secure, bfish is a hash function built around the encryption method blowfish. (Seems than twofish exists too and should be the "modern" version of blowfish).

It's a version using a chain of SHA-1 so it's a intermediate solution, but allowing to set speed to your needs. In fact speed make weaker your security.