password security in PHP

Question

What method would you call safest and most secure? I took these snippets off php.net. I\'m just wondering because people posted their own and I just couldn\'t catch on to u

Answer 1

1. It is a basic example of what we want, a salt added to the password
2. It is the same example but with the salt generation part.
3. A different method for salting, but still pretty equivalent
4. There's absolutely no point in this over complicated example, hashing with two different hash method many times absolutely don't improve security.
5. Like already said, there's absolutely no point to perform 10000 times a hash.

If you change the first example to :

this will be secure enough for 99% of the application.

The only question is how to generate the salt. I recommend a fixed salt ($salt2) and on salt generated for each user ($salt1) which is stored in the database along the password.

This way you're pretty secure against rainbow table attack even if someone retrieves the content of your database.