9

I would be using MD5 hashing to store encrypted passwords. Password can be 6 to 40 characters long. What is the database column size required for storing the encrypted password. Also, if 40 characters hash size is very large, then how much hash size would a 20 character password take?

I am using FormsAuthentication.HashPasswordForStoringInConfigFile(stringToEncrypt, "MD5"); to generate hash for storing in Database.

Kate Gregory
  • 18,808
  • 8
  • 56
  • 85
Jatin
  • 4,023
  • 10
  • 60
  • 107

3 Answers3

31

A hash algorithm always maps an arbitrary sized message to a fixed-length representation. In other words, you can hash an empty string or many gigabytes of information. The hash size is always fixed.

In your case the hash size is 128 bits. When converted to an ASCII string it would be a 32 character string that contains only hexadecimal digits.

Community
  • 1
  • 1
Mehran
  • 1,977
  • 1
  • 18
  • 33
  • Thanks a lot. I will use a 32 char column to store the hashed password. – Jatin Aug 09 '11 at 09:00
  • 9
    Remember, if you're manually hashing passwords, you're [doing it wrong](http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html). Please [use bcrypt](http://stackoverflow.com/questions/481160/is-bcrypt-a-good-encryption-algorithm-to-use-in-c-where-can-i-find-it). – Greg Hewgill Aug 09 '11 at 19:51
7

http://msdn.microsoft.com/en-us/library/system.security.cryptography.md5.aspx

The hash size for the MD5 algorithm is 128 bits, regardless of the length of the string being hashed.

Consider using a newer hashing functions like SHA 256.

Jakub Konecki
  • 45,581
  • 7
  • 87
  • 126
  • 1
    Or for storing passwords, [use bcrypt](http://stackoverflow.com/questions/481160/is-bcrypt-a-good-encryption-algorithm-to-use-in-c-where-can-i-find-it). – Greg Hewgill Aug 09 '11 at 19:52
3

MD5 hashes are always exactly 16 bytes (128 bits) long, no matter how long the input is.

Greg Hewgill
  • 951,095
  • 183
  • 1,149
  • 1,285