What column character encoding should I use for password_hash()?

What column character encoding should I use to store passwords generated with PHP's password_hash() in a MySQL database?

+3




3 answers


The best way is UTF-8.



While password hashes currently return Latin-encoded values, with UTF-8 you'll be future-proof. You may not know how PHP, hashing, etc. will evolve in the future.

-1




I am wondering if there should be a password hash even in the kernel. This certainly touches upon some of the challenges facing the realization of a peaceful world. It stubs security by marrying security to the PHP release. But at least you get something. And finally, the PHP community has to say the high standard deviation of talent.



+1




The PHP documentation recommends a column width of 255 characters. And since indexes on utf8mb4-encoded columns can only span 191 characters, UTF-8 is problematic.

In addition, the sample output $2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a resembles US-ASCII, not Latin1. So why is UTF-8 the best choice?

If you want to check whether the user is reusing an old password, you need to compare the exact password hash value with the previous ones. This means that you still need to compare the strings in binary form, also because there is no encoding for the return value of password_hash().

Therefore, following the current specification, the best way to store password hashes from password_hash() in a database is with a column type VARBINARY(255).

0
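
An added example, not code from any of the answers or from the PHP documentation: it stores password_hash() output in a binary column and checks password reuse against stored hashes. It uses password_verify() for the reuse check because every password_hash() call embeds a new random salt, so two hashes of the same password are different strings. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the table name password_history and the functions storeHash() and isReused() are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for MySQL so this runs offline.
// MySQL equivalent of the column: password_hash VARBINARY(255) NOT NULL
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE password_history (user_id INTEGER NOT NULL, password_hash BLOB NOT NULL)');

// Hypothetical helper: hash a password and store it byte for byte.
function storeHash(PDO $db, int $userId, string $password): string
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // A binary column applies no charset conversion or collation to the value.
    if (strlen($hash) > 255) {
        throw new LengthException('hash does not fit a 255-byte column');
    }
    $stmt = $db->prepare('INSERT INTO password_history (user_id, password_hash) VALUES (?, ?)');
    $stmt->bindValue(1, $userId, PDO::PARAM_INT);
    $stmt->bindValue(2, $hash, PDO::PARAM_LOB);
    $stmt->execute();
    return $hash;
}

// Hypothetical helper: does the candidate match any hash stored for this user?
function isReused(PDO $db, int $userId, string $candidate): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM password_history WHERE user_id = ?');
    $stmt->execute([$userId]);
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $stored) {
        // Some PDO drivers hand back LOB columns as streams rather than strings.
        $storedHash = is_resource($stored) ? stream_get_contents($stored) : (string) $stored;
        // Each stored hash carries its own salt, so verify the candidate against it.
        if (password_verify($candidate, $storedHash)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data.
$first  = storeHash($db, 1, 'correct horse battery staple');
$second = password_hash('correct horse battery staple', PASSWORD_DEFAULT);

var_dump(preg_match('/^[\x20-\x7e]+$/', $first) === 1); // is the hash printable ASCII?
var_dump(hash_equals($first, $second));                 // are two hashes of one password equal?
var_dump(isReused($db, 1, 'correct horse battery staple'));
var_dump(isReused($db, 1, 'a different password'));
```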

