CHAR与VARCHAR的密码安全性 [英] CHAR vs VARCHAR for password security

问题描述

CHAR对VARCHAR存储密码有什么好处吗？

Are there any benefits of CHAR over VARCHAR for storing passwords?

我已经找到了高和低，但是找不到任何东西。

I have hunted high and low but can't find anything on this.

我问，因为我被告知要使用CHAR作为密码，并且对为什么感兴趣。

I ask because I have been told to use CHAR for passwords and am intrigued as to why.

推荐答案

安全没有区别。区别在于存储机制。

There is no difference in security. The difference is in the storage mechanism.

从 MySQL手册：

下表说明了CHAR和VARCHAR之间的区别，显示了将各种字符串值存储到CHAR （4）和VARCHAR（4）列（假设该列使用单字节字符集，如latin1）。

The following table illustrates the differences between CHAR and VARCHAR by showing the result of storing various string values into CHAR(4) and VARCHAR(4) columns (assuming that the column uses a single-byte character set such as latin1).

Value       CHAR(4) Storage Required    VARCHAR(4)  Storage Required
''          ''      4 bytes             ''          1 byte
'ab'        'ab '   4 bytes             'ab'        3 bytes
'abcd'      'abcd'  4 bytes             'abcd'      5 bytes
'abcdefgh'  'abcd'  4 bytes             'abcd'      5 bytes

因此，如果要存储的字符串的长度是可变的，那么可以看到 VARCHAR 为什么 CHAR 经常用于密码字段的原因是因为散列算法的输出是一致的，而与输入的长度无关。由于您正在存储用户密码的哈希值，而不是密码本身，因此字段长度将保持一致。

So you can see that VARCHAR is beneficial if the length of the string that you are storing is variable. The reason why CHAR is often used for password fields is because the output of hashing algorithms is consistent regardless of the length of input. Since you are storing a hash of the user's password, and not the password itself, the field length will be consistent.

leeor正确建议您使用哈希密码。 PHP正确的方式是在这方面的最佳做法的良好资源。

leeor is correct in advising you to hash passwords. PHP The Right Way is a good resource for best practices in that regard.

这篇关于CHAR与VARCHAR的密码安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！