How long should my password salt be, and is SHA-256 good enough?

Question

I\'m in the process of creating a gaming community site that I\'m aiming to release to the public soon. Currently, I\'m working on passwords and logins. I\'ve only used MD5

Answer 1

I've noticed a lot of confusion about how to do password hashing properly, especially on stackoverflow. And I've seen some REALLY BAD recommendations. So I've written a page that should clear everything up. There's a bit more to it than using a simple hash.

More info and source code: How to do password hashing properly

Feel free to share this link whenever someone has a question about password hashing. This is my first post on stackoverflow so sorry if I'm not doing it right