Length of Salt & Password Questions

#1
[eluser]sqwk[/eluser]
I am using sha512 hashes to 'store' passwords in the database. In the actual database they are saved as a binary(64) datafield. (64 * 8bits = 512)

1) My question is what length makes sense for the salts? After a bit of browsing I found that there is theoretically no reason not to use the same length as the hash—any longer and there is no mathematical improvement—any shorter and you are essentially giving security away. (Although that is pretty irrelevant at this point.)

Has anyone got any experience with this?

2) On another note: since I am storing the hash in binary format, does it make sense to also store the salt in binary format? If yes, how do I convert it back to 'normal' text to add it to a user-submitted password?

3) Also, what length does the salt have to have if I were to store it in a binary(64) datafield? 128 would make sense, but I am not entirely sure…

EDIT: I posted this in the wrong forum. Should have been in Code and Application Development.
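
An added example, not part of the original post: a Python sketch of the layout the post describes, with a 64-byte random salt kept as raw bytes beside a 64-byte SHA-512 digest, so no conversion back to text is needed before hashing. The function names, the choice of Python, the iteration count and the PBKDF2 variant (a slower technique swapped in here that fits the same binary(64) column) are assumptions of this example.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 64              # fills a binary(64) column, same width as a SHA-512 digest
PBKDF2_ITERATIONS = 210_000  # assumed work factor for the stretched variant


def new_salt() -> bytes:
    """Random salt as raw bytes from the OS CSPRNG; store it as-is in binary(64)."""
    return secrets.token_bytes(SALT_BYTES)


def sha512_salted(password: str, salt: bytes) -> bytes:
    """The post's scheme: one SHA-512 pass over salt || password (64 raw bytes)."""
    # The salt stays binary; only the submitted password is encoded to bytes.
    return hashlib.sha512(salt + password.encode("utf-8")).digest()


def pbkdf2_sha512(password: str, salt: bytes) -> bytes:
    """Stretched variant (swapped in here): PBKDF2-HMAC-SHA512, still 64 bytes."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=64)


def verify(password: str, salt: bytes, stored: bytes, scheme=sha512_salted) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scheme(password, salt), stored)


def salt_as_hex(salt: bytes) -> str:
    """Text form for logs or a char column: 2 hex characters per byte."""
    return salt.hex()


if __name__ == "__main__":
    salt = new_salt()                              # constructed sample values
    stored = sha512_salted("correct horse", salt)
    print(len(salt), len(stored), len(salt_as_hex(salt)))
    print(verify("correct horse", salt, stored), verify("wrong", salt, stored))
    print(bytes.fromhex(salt_as_hex(salt)) == salt)
```

A 64-byte salt only becomes 128 characters when it is written out as hex text; in a binary(64) column it occupies exactly 64 bytes.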

