0
votes

My recent developments led me into the world of password storage security, hashing functions, ...

I've decided to store in the database the resulting byte array of my hashing function (in a BINARY type column), as well as the salt, since storing a hex string would take more space, I guess.

Are there any downsides to this practice? Especially from a security viewpoint.

+----+---------+--------------+--------------+---------------+------------+
| id | login   | password     | salt         | name          | lname      |
+----+---------+--------------+--------------+---------------+------------+
|  1 | myadmin | 0x8B624d85B1 | 0x248f1706f0 | Administrador | do Sistema |
+----+---------+--------------+--------------+---------------+------------+

1 Answers

3
votes

I can't see any downside from a security perspective of storing the hash and salt as binary rather than strings. Ultimately all data is binary anyways.

I'd be more concerned about what hashing algorithm you are using. I don't see anywhere you are storing a difficulty factor, so I assume you aren't using BCrypt? If not, you might want to consider using that as it seems to be the gold standard at the moment for password hashing.
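An added example (not part of the question or the answer) of the layout discussed above: raw digest and salt in binary columns, with the difficulty factor stored per row so it can be raised later. It assumes SQLite's BLOB in place of the BINARY column and uses the standard library's PBKDF2-HMAC-SHA256 in place of BCrypt so it runs without third-party packages; the table layout, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # constructed work factor, stored per row


def hash_password(password: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for BCrypt here (assumption of this example).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # BLOB is SQLite's counterpart of the BINARY column in the question.
    db.execute(
        "CREATE TABLE users (login TEXT PRIMARY KEY, password BLOB NOT NULL,"
        " salt BLOB NOT NULL, iterations INTEGER NOT NULL)"
    )
    return db


def register(db, login, password, iterations=ITERATIONS):
    salt = os.urandom(16)  # fresh random salt for every user
    digest = hash_password(password, salt, iterations)
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        (login, digest, salt, iterations),
    )


def verify(db, login, password) -> bool:
    row = db.execute(
        "SELECT password, salt, iterations FROM users WHERE login = ?", (login,)
    ).fetchone()
    if row is None:
        return False
    stored, salt, iterations = row
    # Recompute with the row's own salt and work factor, compare in constant time.
    return hmac.compare_digest(stored, hash_password(password, salt, iterations))


def stored_sizes(db, login):
    # (bytes used by the raw digest, characters needed for its hex encoding)
    return db.execute(
        "SELECT length(password), length(hex(password)) FROM users WHERE login = ?",
        (login,),
    ).fetchone()
```

Parameterized queries pass the digest and salt as bytes, so no hex or base64 round trip is needed on the way in or out.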