background preloader

MySQL

Facebook Twitter

Sql - MySQL error: key specification without a key length. Binary - Varbinary vs Blob in MySQL. How To Safely Store A Password. 31 Jan 2010 Use bcrypt Use bcrypt.

How To Safely Store A Password

Use bcrypt. Use bcrypt. Use bcrypt. Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}? These are all general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. A modern server can calculate the MD5 hash of about 330MB every second. And that’s without investing anything. If you’re willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second.

Salts Will Not Help You It’s important to note that salts are useless for preventing dictionary attacks or brute force attacks. Salt or no, if you’re using a general-purpose hash function designed for speed you’re well and truly effed. bcrypt Solves These Problems How? How much slower is bcrypt than, say, MD5? So we’re talking about 5 or so orders of magnitude. Tl;dr Use bcrypt. Updated February 24th, 2011. Why passwords should be hashed « Stack Exchange Security Blog. How passwords should be hashed before storage or usage is a very common question, always triggering passionate debate.

Why passwords should be hashed « Stack Exchange Security Blog

There is a simple and comprehensive answer (use bcrypt, but PBKDF2 is not bad either) which is not the end of the question since theoretically better solutions have been proposed and will be worth considering once they have withstood the test of time (i.e. “5 to 10 years in the field, and not broken yet”). The less commonly asked question is: why should a password be hashed? This is what this post is about. Encryption and Hashing A first thing to note is that there are many people who talk about encrypted passwords but really mean hashed passwords.

In shorter words: if MD5 or SHA-1 is involved, this is password hashing, not password encryption. How to Use MySQL's AES_ENCRYPT and AES_DECRYPT to Store Passwords in a Database. MySQL Consulting and NoSQL Consulting: MySQL DBA: Storing Passwords in MySQL. Securing plain text passwords in MySQL is NEVER a good idea.

MySQL Consulting and NoSQL Consulting: MySQL DBA: Storing Passwords in MySQL

As a DBA you should take great care in protecting the users' information. Fortunately MySQL provides you with several options to protect passwords. After a quick scan of the manual, you may be tempted to store the password by applying the password function to it which is NOT a good idea. MySQL itself advises against using PASSWORD to manage application passwords. Instead of using PASSWORD(), we can use SHA1 or MD5. You can apply SHA1 algorithm to a password string: mysql> SELECT SHA1('mysecretpassword');+------------------------------------------+| SHA1('mysecretpassword') |+------------------------------------------+| 08cd923367890009657eab812753379bdb321eeb |+------------------------------------------+1 row in set (0.00 sec) Since SHA is an alias for SHA1, it produces the same result To store passwords encrypted with SHA1, we need to be able to store 40 characters.

Using MD5 in your application is easy. Mysql - What does character set and collation mean exactly. Index. Hardware enthusiasts have been overclocking their PCs for years now, trying to push the limits of their hardware for maximum performance.

Index

Sometimes they are successful and their applications run speedy fast, while other times they push a little too hard and end up damaging the computer! Although it isn't quite as extreme, indexes in MySQL can increase the speed of your MySQL queries to squeeze a bit more performance out of your database. Indexes are created on a per column basis. If you have a table with the columns: name, age, birthday and employeeID and want to create an index to speed up how long it takes to find employeeID values in your queries, then you would need to create an index for employeeID.

When you create this index, MySQL will build a lookup index where employeeID specific queries can be run quickly. Indexes are something extra that you can enable on your MySQL tables to increase performance,cbut they do have some downsides. Sql - MySQL: Can't create table (errno: 150) MySQL Error Number 1005 Can’t create table ‘.mydb#sql-328_45.frm’ (errno: 150) MySQL Error Number 1005 Can’t create table ‘.

MySQL Error Number 1005 Can’t create table ‘.mydb#sql-328_45.frm’ (errno: 150)

\mydb\#sql-328_45.frm’ (errno: 150) UUIDs vs Integer Primarykeys. March 1, 2009 8:40 p.m.

UUIDs vs Integer Primarykeys

There's a bit of debate over whether UUIDs(or GUIDs - for Microsoft software) are suitable to be used as primary keys for objects in a database. I'm not so much going to describe the debate, as there's no point in arguing, it comes down to a design decision. You can think of the pros and cons, and decide for yourself. ID Creation One of the big concerns of using autoincremented fields from a database, is that if a lot of inserts are happening, especially distributed inserts, everyone is waiting on the database to generate a new id.

The advantage of using autoincremented values is there's a guarantee of uniqueness. Install MySQL Server 5 on Ubuntu.