On Sat, Oct 22, 2005 at 11:40:40PM +0000, truthhurts@insightbb.com wrote:
> Hi, I am trying to verify the return size that MD5 function returns. I don't see
> any details mentioned about this in the docs.
>
> Basically I am planning on storing passwords as md5(password) and want to know
> if I can just declare the password field to be something like VARCHAR(32) or
> even CHAR(32) if it's guaranteed that it will never be longer/shorter than 32
> chars.

RFC 1321 "The MD5 Message-Digest Algorithm" says that the algorithm's
output is 128 bits (16 octets, 32 hex digits), so if you ever see a
different length then I should think that's a bug.

Consider perturbing the input instead of using just the password
so identical passwords have different digests.

> Perhaps this is not that big of a deal and I could as easily just declare it as
> VARCHAR/TEXT without the size constraint. I just want to know what is best
> storage and performance wise?

For discussion of storage and performance characteristics, see "What
is the difference between the various character types?" in the FAQ
and "Character Types" in the documentation:

http://www.postgresql.org/docs/faqs.FAQ.html#4.10
http://www.postgresql.org/docs/8.0/interactive/datatype-character.html

--
Michael Fuhr
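The perturbation suggested in the reply above, as an added example that is not part of the original thread: a per-user random salt is prepended to the password before md5(), so identical passwords are stored as different 32-character digests. The table, column and function names are hypothetical, and gen_random_bytes() assumes the pgcrypto extension is available.

```sql
-- Added example; app_user, set_password and check_password are hypothetical names.
CREATE EXTENSION IF NOT EXISTS pgcrypto;   -- assumption: supplies gen_random_bytes()

CREATE TABLE app_user (
    username  text PRIMARY KEY,
    -- 16 random bytes, hex-encoded: a different value for every user
    salt      char(32) NOT NULL CHECK (salt ~ '^[0-9a-f]{32}$'),
    -- md5() returns 128 bits as 32 hex digits, so CHAR(32) fits exactly;
    -- the CHECK rejects anything that is not a well-formed digest
    pw_digest char(32) NOT NULL CHECK (pw_digest ~ '^[0-9a-f]{32}$')
);

-- Store or replace a password. The salt is generated once in the CTE and
-- reused for both the stored salt column and the digest input.
CREATE FUNCTION set_password(p_user text, p_password text) RETURNS void
LANGUAGE sql AS $$
    WITH s AS (SELECT encode(gen_random_bytes(16), 'hex') AS salt)
    INSERT INTO app_user (username, salt, pw_digest)
    SELECT p_user, s.salt, md5(s.salt || p_password) FROM s
    ON CONFLICT (username) DO UPDATE
        SET salt = EXCLUDED.salt, pw_digest = EXCLUDED.pw_digest;
$$;

-- Verify a login attempt by recomputing the digest with the stored salt.
-- Returns false for an unknown user as well as for a wrong password.
CREATE FUNCTION check_password(p_user text, p_password text) RETURNS boolean
LANGUAGE sql STABLE AS $$
    SELECT EXISTS (
        SELECT 1 FROM app_user
        WHERE username = p_user
          AND pw_digest = md5(salt || p_password)
    );
$$;

-- Constructed sample data: two users who chose the same password.
SELECT set_password('alice', 'correct horse');
SELECT set_password('bob',   'correct horse');

-- Digest length does not depend on input length.
SELECT length(md5('')) AS empty_len, length(md5(repeat('x', 10000))) AS long_len;

-- The two rows share a password but not a digest.
SELECT username, salt, pw_digest FROM app_user ORDER BY username;

SELECT check_password('alice', 'correct horse') AS good,
       check_password('alice', 'wrong guess')   AS bad;
```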