7

Is there a real difference (meaning does it have any added [security] value to do it this or that way) in storing password hash as varchar or a varbinary?

Improve this question

1 Answer 1

Reset to default
8

Not really.

Storing it as a varbinary will allow you to use characters outside of your current codepage. You could avoid that by using nvarchar over varchar.

Storing it as varbinary will also make the data present in a hexidecimal format, but this is really not any serious level of protection.

A good reason to store it in varbinary would be that it is in fact binary data, not character data - but this has nothing to do with securing the data per se.

Your security will come form using a proper hashing algorithm and properly securing access to the database/table(s) in question, including ensuring that applications with the proper access levels parameterize their queries.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I think I know quite enough about password security, but I always used nvarchar to store the hashes and I've done some research recently and it seems that a lot of posts use varbinary, so I've been wondering whether I missed something or not.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.