SamCash
asked on
length of the password hash sha1:64000 to set sql field property.
EE,
I have not found the maximum length of the password hash sha1:64000 to set sql field property.
Microsoft set it at nvarchar(MAX). I think "varchar(length)" is correct. Fast and good use of memory.
I am using https://github.com/defuse/ password-h ashing/blo b/master/P asswordSto rage.cs to Hash and Validate.
Please advise.
Regards
Sam
I have not found the maximum length of the password hash sha1:64000 to set sql field property.
Microsoft set it at nvarchar(MAX). I think "varchar(length)" is correct. Fast and good use of memory.
I am using https://github.com/defuse/
Please advise.
Regards
Sam
usiong the hashes from the example you need a length of 71
ASKER
David,
Thanks for the quick response.
I also changed nvarchar to varchar as I do not think unicode characters are generated.
Is that true?
Regards
Sam
Thanks for the quick response.
I also changed nvarchar to varchar as I do not think unicode characters are generated.
Is that true?
Regards
Sam
Hi David,
Can you explain where you're getting a length 71 from? Also note that the program is storing the full string as:
String parts = "sha1:" +
PBKDF2_ITERATIONS +
":" +
hash.Length +
":" +
Convert.ToBase64String(sal t) +
":" +
Convert.ToBase64String(has h);
return parts;
Just curious at this point.
Can you explain where you're getting a length 71 from? Also note that the program is storing the full string as:
String parts = "sha1:" +
PBKDF2_ITERATIONS +
":" +
hash.Length +
":" +
Convert.ToBase64String(sal
":" +
Convert.ToBase64String(has
return parts;
Just curious at this point.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
David,
I counted characters (also?) 14 plus 57 = 71. But I was not sure the routine might create more or less with different passwords. I thought there would be a spec from what ever org oversees this area. And being new I could not tell by the code if it would always generate the same length.
Regards
Sam
I counted characters (also?) 14 plus 57 = 71. But I was not sure the routine might create more or less with different passwords. I thought there would be a spec from what ever org oversees this area. And being new I could not tell by the code if it would always generate the same length.
Regards
Sam
a hash is always the same length
ASKER
David,
Thank you. Upon further study... SQL 2008 R2 "CHAR(71)" is the correct type for best speed and memory utilization.
Is that correct?
Best Regards
Sam
Thank you. Upon further study... SQL 2008 R2 "CHAR(71)" is the correct type for best speed and memory utilization.
Is that correct?
Best Regards
Sam
I would add one byte for the terminator but it is probably not needed
ASKER
David,
Ok, I will test 71 and 72. Which one of your posts do I credit? Should I post my test result first?
Thanks Much
Sam
Ok, I will test 71 and 72. Which one of your posts do I credit? Should I post my test result first?
Thanks Much
Sam
ASKER
David,
Thank you.
Regards
Sam
Thank you.
Regards
Sam