How long should my password salt be, and is SHA-256 good enough?

Question

I\'m in the process of creating a gaming community site that I\'m aiming to release to the public soon. Currently, I\'m working on passwords and logins. I\'ve only used MD5

Answer 1

If you are really concerned, I would look at using the whirlpool hashing function instead of one of the SHA variants. Whirlpool has proven to be an incredibly strong hashing method, and has no history of collisions or any other weaknesses (that I know of, at least).

You can use whirlpool by employing the hash function of PHP. (Note, however, that hash() requires PHP 5.1.2 or greater.)