Preferred Method of Storing Passwords In Database

security passwords database sql-server encryption

What is your preferred method/datatype for storing passwords in a database (preferably SQL Server 2005). The way I have been doing it in several of our applications is to first use the .NET encryption libraries and then store them in the database as binary(16). Is this the preferred method or should I be using a different datatype or allocating more space than 16?


I store the salted hash equivalent of the password in the database and never the password itself, then always compare the hash to the generated one of what the user passed in.

It's too dangerous to ever store the literal password data anywhere. This makes recovery impossible, but when someone forgets or loses a password you can run through some checks and create a new password.


THE preferred method: never store passwords in your DB. Only hashes thereof. Add salt to taste.


I do the same thing you've described, except it is stored as a String. I Base64 encode the encrypted binary value. The amount of space to allocate depends on the encryption algorithm/cipher strength.

I think you are doing it right (given that you use a Salt).

Related

Remove substring only at the end of string
GROUP BY - do not group NULL
What's the Use of '\r' escape sequence?
HTML5 video will not loop
make : rule call rule
How to properly retain a DialogFragment through rotation?
exit.c:(.text+0x18): undefined reference to `_exit' when using arm-none-eabi-gcc
What is Python's heapq module?
What's a simple way to undelete a file in subversion?
Perl: if ( element in list )
Changing Fonts Size in Matlab Plots
Can you append strings to variables in PHP? [duplicate]