I'm creating hashed passwords using salted sha1 in PHP.
My question is: In MySQL what is the proper character encoding, field type & length to store the result?
Is there anything else in MySQL to consider for password security?
Finally are SHA256 or SHA512 practical hashing choices?
解决方案
For a SHA1 hash, CHAR(40) would be the optimal field type and length.
Character encoding shouldn't matter much, all the characters are within the ASCII range. I'd go with the same character set as the rest of your database for consistency.