Length of Salt & Password Questions
#1

[eluser]sqwk[/eluser]
I am using sha512 hashes to 'store' passwords in the database. In the actual database they are saved as a binary(64) datafield. (64 * 8 bits = 512)

1) My question is what length makes sense for the salts? After a bit of browsing I found that there is theoretically no reason to not use the same length as the hash—any longer and there is no mathematical improvement—any shorter and you are essentially giving security away. (Although that is pretty irrelevant at this point)

Has anyone got any experience with this?

2) On another note. Since I am storing the hash in binary format, does it make sense to also store the salt in binary format? If yes, how do I convert it back to 'normal' text to add it to a user-submitted password?

3) Also, what length does the salt have to have if I were to store it in a binary(64) datafield? 128 would make sense, but I am not entirely sure…

EDIT: I posted this in the wrong forum. Should have been in Code and Application Development.
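
The storage layout the post asks about, as an added example that is not part of the original post: a 64-byte random salt and the raw SHA-512 digest are both kept as binary values, and the salt is concatenated to the password as bytes without ever being converted to text. Python, the in-memory SQLite table (BLOB standing in for binary(64)) and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

SALT_BYTES = 64  # assumption: salt as long as the SHA-512 digest, as the post suggests


def hash_password(password: str, salt: bytes) -> bytes:
    """Return the raw 64-byte SHA-512 digest of salt || UTF-8 password."""
    return hashlib.sha512(salt + password.encode("utf-8")).digest()


def open_db() -> sqlite3.Connection:
    # In-memory SQLite stands in for the post's database (assumption);
    # the BLOB columns play the role of binary(64).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def register(db: sqlite3.Connection, name: str, password: str) -> None:
    salt = secrets.token_bytes(SALT_BYTES)  # raw bytes from the OS CSPRNG
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))


def verify(db: sqlite3.Connection, name: str, password: str) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row  # both come back as bytes; no text conversion needed
    return hmac.compare_digest(stored, hash_password(password, salt))


def stored_lengths(db: sqlite3.Connection, name: str) -> tuple:
    """Return (salt bytes, hash bytes, characters the salt would need as hex)."""
    salt, pw_hash = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                               (name,)).fetchone()
    return len(salt), len(pw_hash), len(salt.hex())


if __name__ == "__main__":
    db = open_db()
    register(db, "alice", "constructed sample password")
    print(verify(db, "alice", "constructed sample password"), stored_lengths(db, "alice"))
```

Hex-encoding the same 64-byte salt takes 128 characters, so the hex form does not fit a binary(64) column while the raw bytes do. A single SHA-512 pass is fast to brute-force; `hashlib.pbkdf2_hmac` and `hashlib.scrypt` accept the same binary salt.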


Messages In This Thread
Length of Salt & Password Questions - by El Forum - 08-13-2010, 09:27 PM


