password length

What is the recommended DB field length for passwords. I have previously used CHAR 60 but that site uses PHP 5.4 so I believe that ‘crypt’ is used for the $passwordHashStrategy property.

I am building a new one with PHP 5.6 now and note in the docs that it says that password-hash length may increase in the future. So just wanted some ideas of a suitable length.

This is not exactly the answer you are looking for, but it should solve your problem.

If you use yii the and therefore the migrate command to update user table, it will take care of any change in the specification.

Password length depends on what encoding you are using for the password.

Password can be encoded in various way, fore example you can encode multiples times the password with different crypting system, and the resulting length depends on the last one applied.

You can even chose to combine login and password and crypt the together so even if 2 accounts have the same password you don’t know it by just looking at db data

If you eventually made a completely custom user model and can’t use yii migrate, just create the password field as varchar(250), this should keep you safe from any change

while char field use always the complete size of the filed to store the information, varchar use the real size of the data + 1 char.


I’ve 2 file filed_1 char(20) and filed_2 varchar(20)

When I store ‘this is my word’ (total of 15 char) in both, the physical size on the disk of filed_1 is always 20 char but filed_2 is 15+1= 16 chars.

I’m speaking of chars because the size in byte depends on the character codification. For normal iso char (i.e. ISO-8859-15) is 1 byte per char, for utf8 is 2 byte per char).

So is not a big issue declare the password filed size as "big" varchar