Seeing as UUID_SHORT() returns a random 64-bit value, and SHA256 uses 256-bit encryption, you would be better off calling UUID_SHORT() four times and concatenating it as a binary value.
Using MySQL UUID_SHORT() for Password Salt
30-06-2022
Question
I'm looking at adding a Salt number to our user password table. We are saving the user passwords hashed as SHA256.
My question is: would using the number generated by MySQL's UUID_SHORT() function, for example '23154192415719433', be sufficient for a password salt?
So in my database the password 'Test123' would normally be stored as 'd9b5f58f0b38198293971865a14074f59eba3e82595becbe86ae51f1d9f1f65e' by calling
SELECT SHA2('Test123', 256)
Will now be stored as 'e5e7b87ba899a6f9ad8f8e68e0b209b6923e546df70b8e4a47f996533827bce1'
SELECT SHA2('23154192415719433Test123', 256)
Solution
OTHER TIPS
I expect that what you want is to
SELECT SHA2('password', 256)
always give you the same result, which you can store/compare. UUID_SHORT() does not return the same values after each invocation, so store your passwords as hashes as usual. What you can do to make it better is:
SELECT SHA2(CONCAT('password','some junk known only to you'),256)
You do not need anything else.
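The schemes discussed in this thread, side by side, as an added example that is not code from any of the posters: the unsalted hash, the hash with one fixed secret string appended, and a per-user random salt stored next to the hash so it can be recomputed at login. The per-user variant swaps the single SHA-256 pass for PBKDF2-HMAC-SHA256 from the Python standard library; the function names, the secret string, the 16-byte salt length and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example; tune per deployment


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def hash_unsalted(password: str) -> str:
    # Equivalent of: SELECT SHA2(password, 256)
    return sha256_hex(password)


def hash_fixed_secret(password: str, secret: str) -> str:
    # Equivalent of: SELECT SHA2(CONCAT(password, secret), 256)
    return sha256_hex(password + secret)


def new_record(password: str) -> dict:
    # A fresh random salt per user. It is not secret, but it must be stored
    # with the hash, because it cannot be regenerated at login time.
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify(record: dict, candidate: str) -> bool:
    # Recompute with the stored salt and compare in constant time.
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    pw = "Test123"                      # sample password from the question
    secret = "constructed-site-secret"  # constructed value for illustration
    alice, bob = new_record(pw), new_record(pw)
    # Two users with the same password: identical rows under the first two
    # schemes, different rows with a per-user salt.
    print("unsalted equal:    ", hash_unsalted(pw) == hash_unsalted(pw))
    print("fixed secret equal:", hash_fixed_secret(pw, secret) == hash_fixed_secret(pw, secret))
    print("per-user equal:    ", alice["hash"] == bob["hash"])
    print("alice verifies:    ", verify(alice, pw), verify(alice, "wrong"))
```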