85

Is the length of a string hashed with sha512 always the same?

If so, what is it?

Jojodmo
  • 23,357
  • 13
  • 65
  • 107
DjOnce
  • 969
  • 1
  • 8
  • 13
  • http://crypto.stackexchange.com/q/2144/23595 – gotqn Sep 14 '16 at 06:09
  • Does this answer your question? [What data type to use for hashed password field and what length?](https://stackoverflow.com/questions/247304/what-data-type-to-use-for-hashed-password-field-and-what-length) – Michael Freidgeim Jan 31 '20 at 08:04

1 Answers1

137

As the name implies, it's 512 bits, that is 64 bytes.

But that's the hash, maybe you're wondering about a specific representation of that hash in string, as is commonly used, then it depends of the given representation.

If you write the hash in hexa, then it will be 128 characters.

If you write the hash in base64, then it will be 86 bytes (or 88 with padding).

Denys Séguret
  • 372,613
  • 87
  • 782
  • 758
  • 1
    which means 64 characters long? – DjOnce Aug 14 '13 at 15:38
  • 1
    if raw_output of the php hash function is true the outputted chars should be less. – Raymond Nijland Aug 14 '13 at 15:38
  • 9
    the default is hex - 128 characters – Tiago Aug 14 '13 at 15:41
  • 2
    @DjOnce, @dystroy It's been a while since this question has been answered. But thought I should add something here. In case you are trying to design the database tables to store the hash value. Run this in MySQL to get the length: `length(sha2('password',512));`. This will give you the length as 128. – LalakaJ Jun 29 '14 at 16:24
  • 1
    Though dystroys anwswer is perfectly valid, note that in terms of session.hash_bits_per_character the hash length may vary based on the bits per character set at php.ini - see: http://php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character and http://stackoverflow.com/a/17032075/1510754 – conceptdeluxe Oct 04 '14 at 21:15
  • @DjOnce, not really 64 chars long, as some of those bytes could map to "unprintable" characters (such as nul, or control chars, etc..) – Andrew Theken Jun 09 '16 at 12:19
  • You mean `86 characters` not `86 bytes`, right? Since in some language (e.g java) each char is not just 1 byte. And, seems in Java it's always pad out as string of length 88. – Eric Feb 23 '18 at 07:47
  • 1
    @EricWang You use base64 when exchanging, in context where it makes sense. If you're interested in *storing* hash in the memory of a java program, don't use base64, use the standard byte representation. – Denys Séguret Feb 24 '18 at 12:42
  • @DenysSéguret In my case, the base64 string is stored in some database, but Java program need to read it, then decode as key (bytes), then do some validation. – Eric Feb 24 '18 at 13:54
  • @EricWang base64 encoding should really be used only when needed, for example in URIs. In all other cases just use byte arrays. – Denys Séguret Feb 24 '18 at 14:03