It has always puzzled me with the creation of my Databases. What would be the correct data type for my Encrypted with md5 salt password?
I've been using VarChar; but i've been told to move over to char but never given an explination?
Which also, I know it's not in best practice but i've got my database as Varchar(255) to hold my password; What would also be the best length to have it? because I don't know for certain if md5 always returns the same length string, or it can vary?
You're first question:
VARCHAR
- Trailing white space is preserved. (MySQL 5.0.3+ only.)
- Minimal storage overhead. A 17 character record takes up only 17 characters of space.
- Slower SELECTs when searching this column.
CHAR
- Trailing white space is always removed.
- Every record takes up a fixed amount of space - 19 characters in your case. Your 17 character records will waste two bytes of storage.
- Faster SELECTs when searching this column.
MD5 will always return 32 chars so using CHAR(32) would be more efficient when storing, even if it uses a salt it will still hash out to that many chars. You always want to choose the most appropriate char size.
If you going to change your password salting - what not change the encryption at the same time to something secure - like bcyrpt.
It seems like a wasted effort to try and 'fine tune' a md5 setup, when md5 is compromised
In regards to other your part of the question;
> A CHAR(x) column can only have exactly x characters.
> A VARCHAR(x)column can have up to x characters.
So if you salt is 'fixed' (i.e. always 6 chars) - then you want "CHAR" for better performane. But if your salt is variable (i.e. 5-6 chars) - then you have to use VARCHAR.