To store user passwords I am going to SHA 256 + salting. Just wanted to confirm if these are correct. Business requirement is password should be minimum 8 inputs and maximum 32 inputs. (any input is valid except blank space)
So to meet these requirements the plan is:
Front end - validate max input of 32 & min input of 8.
Backend the Database (MySQL) schema will be:
pass_hash(64) CHAR - store password hash
pass_slt(32) VARCHAR - store unique salt for each user
For salting I am not sure what value to use as yet. But i think when users create an account I will create a random character for each user and use that. Then the other question is: Do i store the salt as plain text or need to hash/encrypt that too?
Also I dont know if it matters but can passwords support multi-language with this current plan or will I run into any issues? (I am talking about funky characters like Arabic, Chinese, etc)