SamCash asked:

length of the password hash sha1:64000 to set sql field property.

EE,

I have not found the maximum length of the password hash sha1:64000 to set sql field property.

Microsoft set it at nvarchar(MAX).  I think "varchar(length)" is correct.  Fast and good use of memory.

I am using https://github.com/defuse/password-hashing/blob/master/PasswordStorage.cs to Hash and Validate.

Please advise.

Regards
Sam

David Johnson, CD

Using the hashes from the example, you need a length of 71.

SamCash (ASKER)

David,

Thanks for the quick response.  

I also changed nvarchar to varchar as I do not think unicode characters are generated.  

Is that true?

Regards
Sam
Hi David,

Can you explain where you're getting a length 71 from?  Also note that the program is storing the full string as:

    String parts = "sha1:" +
        PBKDF2_ITERATIONS +
        ":" +
        hash.Length +
        ":" +
        Convert.ToBase64String(salt) +
        ":" +
        Convert.ToBase64String(hash);
    return parts;


Just curious at this point.

ASKER CERTIFIED SOLUTION
David Johnson, CD

This solution is only available to members.

SamCash (ASKER)

David,

I counted characters (also?) 14 plus 57 = 71.  But I was not sure the routine might create more or less with different passwords.  I thought there would be a spec from whatever org oversees this area.  And being new I could not tell by the code if it would always generate the same length.

Regards
Sam

A hash is always the same length.

SamCash (ASKER)

David,

Thank you.  Upon further study... SQL 2008 R2 "CHAR(71)" is the correct type for best speed and memory utilization.

Is that correct?

Best Regards
Sam
I would add one byte for the terminator but it is probably not needed

SamCash (ASKER)

David,

Ok, I will test 71 and 72.  Which one of your posts do I credit?  Should I post my test result first?

Thanks Much
Sam

SamCash (ASKER)

David,

Thank you.

Regards
Sam
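
Added example (not from the thread and not code from PasswordStorage.cs): a Python re-creation of the "sha1:iterations:hashLength:salt:hash" layout quoted above, checking that the stored string is pure ASCII and the same length for any password. The 24-byte salt and 18-byte hash sizes are assumptions chosen to match the 14 + 57 = 71 count in the thread; only the 64000 iteration count appears on this page.

```python
import base64
import hashlib
import os

# 64000 is from the page; SALT_BYTES and HASH_BYTES are assumptions that
# reproduce the 14 + 57 = 71 character count discussed in the thread.
PBKDF2_ITERATIONS = 64000
SALT_BYTES = 24
HASH_BYTES = 18


def b64_len(n_bytes):
    """Length of padded Base64 output: 4 characters per 3-byte group."""
    return 4 * ((n_bytes + 2) // 3)


def expected_length(iterations, salt_bytes, hash_bytes):
    """Length of 'sha1:<iterations>:<hash_bytes>:<b64 salt>:<b64 hash>'."""
    prefix = "sha1:{}:{}:".format(iterations, hash_bytes)
    return len(prefix) + b64_len(salt_bytes) + 1 + b64_len(hash_bytes)


def create_hash(password, salt=None):
    """Build the stored string in the same layout as the snippet in the thread."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS, dklen=HASH_BYTES)
    return ":".join(["sha1", str(PBKDF2_ITERATIONS), str(len(digest)),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def survey(passwords):
    """Return (set of stored lengths, True if every stored string is ASCII)."""
    stored = [create_hash(p) for p in passwords]
    return {len(s) for s in stored}, all(s.isascii() for s in stored)


if __name__ == "__main__":
    # Constructed sample passwords: empty, short, non-ASCII, very long.
    samples = ["", "a", "pässwörd-日本語", "x" * 1000]
    print(survey(samples))
    print(expected_length(PBKDF2_ITERATIONS, SALT_BYTES, HASH_BYTES))
    # A seven-digit iteration count makes the stored string two characters longer.
    print(expected_length(1_000_000, SALT_BYTES, HASH_BYTES))
```

The length is fixed only while the iteration count, salt size and hash size stay the same; changing any of them changes the stored length, so a column sized exactly to the current value has no room for a later parameter increase.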