In our php application, we generate password hashes with
You can store the result of
password_hash() is something you can save in a normal
VARCHAR(255) column, it's not binary data, just a string that looks like:
These are, of course, case sensitive but they'll never use anything but regular letters, numbers, and a select few bits of syntax.
This column does not need to be indexed, in fact that would make almost no sense. The
password_verify() function works against a specific password and is deliberately slow, testing versus every user in the system would take a long time. This is to make it harder for people to brute-force guess passwords.