Ahoy Stack Overflow! This be mai first post...
I'm attempting to identify users with a salted unique public key.
- Algorithm - Should I use uniqid(), sha256, sha512, something else? All hashes will be salted. NIST recommended SHA256, but I like recommendations from geeks/scientists like me.
- Generation - Does hash(SALT + AUTO_INCREMENT_PK + CREATED_TIMESTAMP) suffice? More entropy?
  - I'd use email, as it is unique for each user, however the user can modify their email address. I was also considering storing signup_email so that hashes would not have to be re-calculated.
- MySQL Storage - Currently, our IDs are INT(255) auto_increment primary keys. As stated earlier, potentially hundreds of millions of keys. Depending on the crypto algo, I should have a fixed-size ID. Can I keep INT(255) or should I use CHAR(n)?
---------------------- Thanks for reading :) -------------------------------