We never store the password itself in a password field. If we did,
anyone with access to the database would have access to every
user's password. Instead, we store the output of a one-way
cryptographic hash function. That is, when a user creates a
password, we store the hash value that the hash function generates
from that password. When the user subsequently enters their
password in order to log on, the hash value generated from the
entered password is compared with the stored hash value. If the two
hash values match exactly, the correct password was entered.
Because the function is one-way, the password cannot be determined
from the hash value, even by someone who knows the precise
implementation details of the hash function used to create it. This
is the safest way to store passwords; we simply need to ensure that
the same hash function that was used to generate the stored hash is
also used to validate the user's password at logon.
Cryptographic hashes vary in length depending on which function was
used to generate the hash value. Typical lengths are 128-bit,
160-bit, 256-bit and 512-bit, so a fixed-length binary field of the
corresponding size is suitable for storing the hash values.
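The create-and-verify flow described above, as an added example in Python (not from the original text), producing the fixed-length 32-byte (256-bit) digest that a binary column of that size would hold. It goes beyond the text by adding a random per-user salt stored next to the digest and an iterated hash (PBKDF2 from the standard library) instead of a single hash call, both standard practice for password storage; the iteration count is an assumed value to tune for your hardware.

```python
import hashlib
import hmac
import os

# Scheme parameters. A 256-bit digest means the stored column is a
# fixed-length 32-byte binary field; the salt needs its own 16-byte field.
HASH_NAME = "sha256"
DIGEST_LEN = 32          # bytes, i.e. 256 bits
SALT_LEN = 16            # bytes of random salt per user
ITERATIONS = 200_000     # assumed value: makes each guess deliberately slow


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way step: derive a fixed-length digest from password and salt.

    The same function, salt and iteration count must be used at account
    creation and at logon, otherwise the digests will never match.
    """
    return hashlib.pbkdf2_hmac(
        HASH_NAME, password.encode("utf-8"), salt, ITERATIONS, dklen=DIGEST_LEN
    )


def create_record(password: str) -> dict:
    """What gets stored when the user sets a password: salt and digest only.

    The password itself never reaches the database.
    """
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "hash": hash_password(password, salt)}


def verify_password(record: dict, attempt: str) -> bool:
    """Logon check: hash the attempt with the stored salt and compare digests.

    hmac.compare_digest runs in constant time, so a wrong guess takes the
    same time whether it differs in the first byte or the last.
    """
    candidate = hash_password(attempt, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample: store a password, then check a good and a bad logon.
    stored = create_record("correct horse battery staple")
    print("stored digest length:", len(stored["hash"]))          # 32
    print("right password:", verify_password(stored, "correct horse battery staple"))
    print("wrong password:", verify_password(stored, "Tr0ub4dor&3"))
```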