What data type to use for hashed password field and what length?

Question

I\'m not sure how password hashing works (will be implementing it later), but need to create database schema now.

I\'m thinking of limiting passwords to 4-20 charact

Answer 1

You should use TEXT (storing unlimited number of characters) for the sake of forward compatibility. Hashing algorithms (need to) become stronger over time and thus this database field will need to support more characters over time. Additionally depending on your migration strategy you may need to store new and old hashes in the same field, so fixing the length to one type of hash is not recommended.