Tags: mysql, hash, types, storage, bcrypt

What column type/length should I use for storing a Bcrypt hashed password in a Database?


I want to store a hashed password (using BCrypt) in a database. What would be a good type for this, and which would be the correct length? Are passwords hashed with BCrypt always of the same length?

EDIT

Example hash:

$2a$10$KssILxWNR6k62B7yiX0GAe2Q7wwHlrzhF3LqtVvpyvHZf0MwvNfVu

After hashing some passwords, it seems that BCrypt always generates 60 character hashes.

EDIT 2

Sorry for not mentioning the implementation. I am using jBCrypt.


Solution

  • The modular crypt format for bcrypt consists of

    Thus the total length is 59 or 60 bytes respectively.

    As you use the 2a format, you’ll need 60 bytes. And thus for MySQL I’ll recommend using CHAR(60) BINARY or BINARY(60) (see The _bin and binary Collations for information about the difference).

    CHAR is not binary safe and equality does not depend solely on the byte value but on the actual collation; in the worst case A is treated as equal to a. See The _bin and binary Collations for more information.
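As an added example (not part of the original answer), the Python sketch below parses the bcrypt modular crypt string from the question and uses SQLite's NOCASE collation as a stand-in for a case-insensitive MySQL collation, showing why the column should compare by byte value. The field layout in the regex (prefix, two-digit cost, 22-character salt, 31-character hash) and the names `parse_bcrypt` and `lookup_matches` are assumptions of this example.

```python
import re
import sqlite3

# bcrypt modular crypt format (assumed layout for this example):
# "$2$"/"$2a$"/"$2b$"/"$2x$"/"$2y$", two-digit cost, "$", then 53 characters
# from the bcrypt base64 alphabet: 22 for the salt, 31 for the hash.
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

# Example hash taken from the question.
EXAMPLE = "$2a$10$KssILxWNR6k62B7yiX0GAe2Q7wwHlrzhF3LqtVvpyvHZf0MwvNfVu"


def parse_bcrypt(hash_str):
    """Split a bcrypt hash into its fields; raise ValueError if malformed."""
    m = BCRYPT_RE.match(hash_str)
    if m is None:
        raise ValueError("not a bcrypt modular crypt string")
    version, cost, salt, digest = m.groups()
    return {"version": version, "cost": int(cost), "salt": salt,
            "digest": digest, "length": len(hash_str.encode("ascii"))}


def lookup_matches(stored, probe):
    """Return (case_insensitive_match, binary_match) for probe vs. stored.

    h_text uses SQLite's NOCASE collation (stand-in for a case-insensitive
    MySQL collation); h_bin is a BLOB compared byte for byte.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t (h_text TEXT COLLATE NOCASE, h_bin BLOB)")
    db.execute("INSERT INTO t VALUES (?, ?)", (stored, stored.encode("ascii")))
    ci = db.execute("SELECT COUNT(*) FROM t WHERE h_text = ?",
                    (probe,)).fetchone()[0]
    bi = db.execute("SELECT COUNT(*) FROM t WHERE h_bin = ?",
                    (probe.encode("ascii"),)).fetchone()[0]
    db.close()
    return bool(ci), bool(bi)


if __name__ == "__main__":
    print(parse_bcrypt(EXAMPLE))
    # A different string (letter case swapped) still "equals" the stored hash
    # under the case-insensitive collation, but not under byte comparison.
    print(lookup_matches(EXAMPLE, EXAMPLE.swapcase()))
```
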