most secure password scheme

Luuk dovecot at vosslamber.nl
Sun Apr 30 17:00:53 EEST 2017



On 30-04-17 08:49, Aki Tuomi wrote:
> 
> I would go with SHA512-CRYPT, since it is compatible with lots of other things. The field length is static and it contains ASCII characters, and it appears to be 118 characters long, but it might be a good idea to use varchar(255) nevertheless, in case you decide to use something else someday.
> 
> With MySQL, you can do
> 
> mysql> SELECT ENCRYPT('hello','$6$rounds=4000$s9Zc4OA11IuLt/iV');
> 
> I would advise using rounds for extra security, but this is of course up to you. The rounds parameter will make the algorithm do 4000 rounds of SHA512 to make it less feasible to do brute force attacks.
> 
> Aki
> 

https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_encrypt
Note

The ENCRYPT() function is deprecated as of MySQL 5.7.6, will be removed 
in a future MySQL release, and should no longer be used. Consider using 
AES_ENCRYPT() instead.
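
With ENCRYPT() marked as deprecated in the note quoted above, the same `$6$` string can be computed outside the database. The following is an added example, not part of the original posts and not Dovecot's or MySQL's code: a pure-Python implementation of the public SHA-crypt algorithm that shows where the rounds value enters and why the result with `rounds=4000` is 118 characters long. The function name `sha512_crypt` is an assumption of this example; the salt is the sample one from the quoted query.

```python
import hashlib

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def sha512_crypt(password: str, setting: str) -> str:
    """Hypothetical helper: SHA512-CRYPT for a setting like '$6$rounds=4000$salt'."""
    pw = password.encode()
    fields = setting.split("$") + [""]   # ['', '6', 'rounds=4000', 'salt', '']
    if fields[1] != "6":
        raise ValueError("not a $6$ (SHA512-CRYPT) setting")
    rounds, explicit = 5000, fields[2].startswith("rounds=")  # 5000 = scheme default
    if explicit:
        rounds = min(max(int(fields[2][7:]), 1000), 999_999_999)
        fields.pop(2)
    salt = fields[2][:16].encode()       # at most 16 salt characters are used
    h = lambda data: hashlib.sha512(data).digest()

    b = h(pw + salt + pw)
    a = pw + salt + (b * (len(pw) // 64 + 1))[:len(pw)]
    n = len(pw)
    while n:                             # one block per bit of the password length
        a += b if n & 1 else pw
        n >>= 1
    prev = h(a)
    p = (h(pw * len(pw)) * (len(pw) // 64 + 1))[:len(pw)]
    s = h(salt * (16 + prev[0]))[:len(salt)]

    for i in range(rounds):              # the cost knob: every guess pays this loop
        c = p if i & 1 else prev
        c += s if i % 3 else b""
        c += p if i % 7 else b""
        c += prev if i & 1 else p
        prev = h(c)

    out, (x, y, z) = [], (0, 21, 42)     # crypt's own byte order and base64 alphabet
    def emit(w, count):
        for _ in range(count):
            out.append(B64[w & 0x3F])
            w >>= 6
    for _ in range(21):
        emit(prev[x] << 16 | prev[y] << 8 | prev[z], 4)
        x, y, z = y + 1, z + 1, x + 1
    emit(prev[63], 2)
    prefix = "$6$" + (f"rounds={rounds}$" if explicit else "")
    return prefix + salt.decode() + "$" + "".join(out)

if __name__ == "__main__":
    print(sha512_crypt("hello", "$6$rounds=4000$s9Zc4OA11IuLt/iV"))
```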


