MYSQL field of type BINARY with bcrypt
I looked at this question regarding the field length and the type used for bcrypt hashes. Several answers mention the use of the BINARY
MYSQL column type . However, when reading from that column using the node.js mysql module, it reads the BINARY columns into a buffer type, not a string. Bcrypt's comparison function bcrypt.compare(password, hash, callback)
doesn't like the buffer type:
Error: data and hash must be strings
at node_modules/bcrypt/bcrypt.js:150:16
This leads me to two questions:
First, I assume that what I want to do is this hash_buffer.toString()
, but I notice in the documentation that there are different character encodings that can be used. I'm not sure what to use the correct encoding as the data doesn't actually represent valid characters. Since I want the binary data to remain unchanged, I would prefer ASCII. Can anyone confirm this?
Secondly, I don't understand why not use a datatype CHAR
. The hash is specially designed for printing. I understand that the MYSQL comparison might not be done as expected, but there isn't a good time to look up or sort by password hash anyway.
source to share
Generally speaking, it makes sense to use BINARY columns to store bcrypt hashes if MySQL is doing a comparison. Binary sort will prevent unwanted comparison results, eg. 'A'
, equal 'A'
; it makes a big difference in Base64 encoding.
However, if the comparison is purely in the application, you can save yourself the hassle and use a regular CHAR column to store the hash.
source to share