Skip site navigation (1) Skip section navigation (2)

Re: MD5 Function

From: Michael Fuhr <mike(at)fuhr(dot)org>
To: truthhurts(at)insightbb(dot)com
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: MD5 Function
Date: 2005-10-23 01:47:45
Message-ID: 20051023014745.GA76290@winnie.fuhr.org (view raw or flat)
Thread:
Lists: pgsql-novice
On Sat, Oct 22, 2005 at 11:40:40PM +0000, truthhurts(at)insightbb(dot)com wrote:
> Hi, I am trying to verify the return size that MD5 function returns.  I dont see
> any details mentioned about this in the docs.
> 
> Basically i am planning on storing passwords as md5(password) and want to know
> if i can just declare the password field to be something like VARCHAR(32) or
> even CHAR(32) if it's guaranteed that it will never be longer/shorter than 32
> chars.  

RFC 1321 "The MD5 Message-Digest Algorithm" says that the algorithm's
output is 128 bits (16 octets, 32 hex digits), so if you ever see a
different length then I should think that's a bug.

Consider perturbing the input instead of using just the password
so identical passwords have different digests.

> Perhaps this is not that big of a deal and i could as easily just declare it as
> VARCHAR/TEXT without the size constraint. I just want to know what is best
> storage and performance wise?

For discussion of storage and performance characteristics, see "What
is the difference between the various character types?" in the FAQ
and "Character Types" in the documentation:

http://www.postgresql.org/docs/faqs.FAQ.html#4.10
http://www.postgresql.org/docs/8.0/interactive/datatype-character.html

-- 
Michael Fuhr

In response to

pgsql-novice by date

Next:From: operationsengineer1Date: 2005-10-23 05:01:22
Subject: Re: WinXP Install - Account Password Information
Previous:From: meDate: 2005-10-23 01:04:13
Subject: Re: WinXP Install - Account Password Information

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group