How to make absolutely original salt for every user?
Is it better to use time()
function in PHP?
In many cases, a simple uniqid(mt_rand(), true)
will do to generate a random salt. Combined with Blowfish should give you a pretty good password hash.
Alternatives are a pseudo random source such as /dev/urandom
or openssl_pseudo_random_bytes()
. There are also services that generate random data for you (based on radio-active degradation).