varchar better for passwords? Security
Heard that as a measure of security, it's good to set a fixed length for a password regardless of how long the actual password is - so that the time of checking (comparing) doesn't vary.
Would setting it as a char be the way to do that? Or there's some other - more advanced - mechanism in place?
Thanks for reaching out.
You can see that VARCHAR is beneficial if the length of the string that you are storing is variable. The reason why CHAR is often used for password fields is because the output of hashing algorithms is consistent regardless of the length of input.
Hope this helps.