How to create tables with password fields in mysql?
Should I create the password column as a regular varchar and then insert like this:
Or should I do something extra upon the creation of the table to make sure that password field is secure?
It's a normal varchar field (40 characters) but if you want to set it more secure you should use salt.
WARNING : Hash password without salt is REALLY WEAK ! You should never use it !!
Password salting is the good way for doing it : password salting
as adviced by pst :
using SHA-1 and salt is the more naive but quite well secure approach.
using bcrypt :
it's the more secure approach :) because it use speed in order to make it more secure, bfish is a hash function built around the encryption method blowfish. (Seems than twofish exists too and should be the "modern" version of blowfish).
- using HMAC-SHA1 :
It's a version using a chain of SHA-1 so it's a intermediate solution, but allowing to set speed to your needs. In fact speed make weaker your security.