Storing hashed passwords in MySQL

Question

I\'m creating hashed passwords using salted sha1 in PHP.

My question is: In MySQL what is the proper character encoding, field type & length to store the result?

Answer 1

The SHA-2 algorithms (SHA-256, SHA-512) are valid choices; however they require more storage. To store the hex digits for SHA-256, for example, you need a CHAR(64) field. There have been some questions about whether SHA-1 is "broken" Schneier discussed it and NIST commented. If those concern you, then it might be better to use one of the SHA-2 functions.

And if you want to increase the cost of a brute force attack, you might also consider adding some iterations using an algorithm such as PBKDF2. Someone posted an example here in the comments.