How should I store data in my MySQL database, and what type should I assign to a column storing salt values?

A salt is a random value added to passwords before hashing to prevent rainbow table attacks and ensure that identical passwords produce different hash values. When storing salts in a MySQL database, choosing the appropriate data type is crucial for security and performance.

Recommended Data Types for Salt Storage

The most suitable MySQL data types for storing salt values are:

  • BINARY(16) − Fixed-length binary data, ideal for 128-bit salts generated by cryptographic functions.

  • VARBINARY(32) − Variable-length binary data, suitable for salts of varying lengths up to 256 bits.

  • CHAR(32) − Fixed-length string for hex-encoded salts (each byte becomes 2 hex characters).

Salt Generation Example

Here's how to generate a cryptographically secure salt:

using System;
using System.Security.Cryptography;

// Generate a cryptographically secure salt
int saltSize = 16; // 128 bits recommended minimum
byte[] saltBytes = new byte[saltSize];

// Fill the buffer from the OS cryptographic random number generator.
// Every byte value (0-255) is allowed; excluding zero bytes would only reduce entropy.
RandomNumberGenerator.Fill(saltBytes);

// Convert to hex string for storage (if using CHAR data type)
string saltHex = Convert.ToHexString(saltBytes);

Database Schema Considerations

| Data Type | Storage Size | Use Case | Advantages |
|---|---|---|---|
| BINARY(16) | 16 bytes | Fixed 128-bit salts | Compact storage, fast comparisons |
| VARBINARY(32) | Variable | Different salt lengths | Flexibility in salt size |
| CHAR(32) | 32 bytes | Hex-encoded salts | Human-readable, easier debugging |
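
The MySQL session below is an added example, not part of the original article. It stores one salt in each of the three column types compared above and then shows what happens when the salt is shorter than a BINARY(16) column. The table `salt_demo`, its column names, and the 8-byte salt are hypothetical and constructed for illustration.

```sql
-- Added example: hypothetical table holding the same salt in all three types.
CREATE TABLE salt_demo (
    id       INT PRIMARY KEY AUTO_INCREMENT,
    salt_bin BINARY(16)    NOT NULL,                  -- raw 128-bit salt
    salt_var VARBINARY(32) NOT NULL,                  -- raw salt, up to 256 bits
    salt_hex CHAR(32) CHARACTER SET ascii NOT NULL    -- hex text of the salt
);

-- Row 1: a 16-byte salt from the server's CSPRNG, stored three ways.
SET @salt = RANDOM_BYTES(16);
INSERT INTO salt_demo (salt_bin, salt_var, salt_hex)
VALUES (@salt, @salt, HEX(@salt));

-- Row 2: an 8-byte salt (constructed mismatch with the BINARY(16) width).
-- BINARY right-pads short values with 0x00 on insert and keeps the padding
-- on retrieval; VARBINARY stores exactly the bytes it was given.
SET @short = RANDOM_BYTES(8);
INSERT INTO salt_demo (salt_bin, salt_var, salt_hex)
VALUES (@short, @short, HEX(@short));

-- Compare what each column hands back to the application.
-- bin_matches_var is true only when BINARY added no padding, i.e. when the
-- salt length equals the declared column width.
SELECT id,
       LENGTH(salt_bin)           AS bin_bytes,
       LENGTH(salt_var)           AS var_bytes,
       LENGTH(salt_hex)           AS hex_chars,
       salt_bin = salt_var        AS bin_matches_var,
       salt_var = UNHEX(salt_hex) AS hex_round_trips
FROM salt_demo
ORDER BY id;

-- Guard for BINARY columns: reject rows whose salt came back padded.
-- A salt that was hashed at 8 bytes but read back at 16 bytes produces a
-- different digest, so every login check for that row would fail.
SELECT id
FROM salt_demo
WHERE salt_bin <> salt_var;
```

If the application's salt size can change over time, VARBINARY avoids the padding problem; with BINARY(n), keep the generator's salt size equal to n.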

Best Practices

  • Minimum salt length − Use at least 128 bits (16 bytes) for adequate security.

  • Unique per password − Generate a new salt for each password, never reuse salts.

  • Store separately − Keep salt and hashed password in separate columns for clarity.

CREATE TABLE users (
    id INT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(50) NOT NULL,
    password_hash BINARY(32),  -- raw SHA-256 digest (32 bytes)
    salt BINARY(16),           -- 128-bit salt
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

Conclusion

For storing salt values in MySQL, use BINARY(16) for fixed-length salts or VARBINARY(32) for variable-length salts. Always generate cryptographically secure salts of at least 128 bits and store them separately from password hashes to ensure robust security.

Updated on: 2026-03-16T23:36:12+05:30
