I was researching about hashing and storing passwords to database on PHP.NET. This site said:
If you are for example storing the data in a MySQL database remember that varchar fields automatically have trailing spaces removed during insertion. As encrypted data can end in a space (ASCII 32), the data will be damaged by this removal. Store data in a tinyblob/tinytext (or larger) field instead.
which of this suggests are better? or may be I have to ask: Is one of them better? and if the answer is yes, which? and finally how should I store passwords to db using PDO. I thought I can write information to a blob row just like files, but if I get the values from input, which method or function have to used? Would you explain about please?
When storing hashed passwords, then whitespace removal is a non-issue:
Passwords should be hashed with a modern and proven key-stretching algorithm, but not with cryptographic hash functions like SHA-256 or MD5. Suitable algorithms include PBKDF2 , bcrypt , or scrypt .
For example, hashing the string "pass phrase" with bcrypt and a new salt may produce
$2a$12$PuYHvYwgKeD.hQ1Dv6nLQuxUkv5zP3lYLPHqdMOzgwPVaGGSAs07u
`-----'`-----------······· ·········-------'
algorithm random salt password hash
parameters
The whole string can be used as salt, as the actual password hash will be cut off and not be used as salt.
Recommended workflow for validating a login attempt:
Recommended workflow for setting a new password:
Further comments:
[1] Here, “plaintext” means printable ASCII characters. It does not refer to the clear text of a password.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.