How to create tables with password fields in mysql?

Question

Should I create the password column as a regular varchar and then insert like this:

sha1($pass_string)

Or should I do something extra upon the

Answer 1

It's a normal varchar field (40 characters) but if you want to set it more secure you should use salt.

http://highedwebtech.com/2008/04/25/season-your-passwords-with-some-salt/

Update :

WARNING : Hash password without salt is REALLY WEAK ! You should never use it !!

Password salting is the good way for doing it : password salting

as adviced by pst :

• using SHA-1 and salt is the more naive but quite well secure approach.

• using bcrypt :

it's the more secure approach :) because it use speed in order to make it more secure, bfish is a hash function built around the encryption method blowfish. (Seems than twofish exists too and should be the "modern" version of blowfish).

• using HMAC-SHA1 :

It's a version using a chain of SHA-1 so it's a intermediate solution, but allowing to set speed to your needs. In fact speed make weaker your security.

Answer 2

Most people save the hash as you have suggested. It's safe enough and simple, making it a good choice.

Note that all hashes can be cracked eventually, so any hash is better than none and SHA is strong enough.

Answer 3

You could also use the AES_ENCRYPT() function built into mysql for greater security. Link here

There is also a good how-to here explaining further: link

Answer 4

The manual contains a good explanation of what type of column to use.