php hash naming crypt

With PHP, why do we use crypt() for password hashing instead of hash()?


Possible Duplicate:
hash() vs. crypt() function comparison

Recently I researched how to properly do password hashing in PHP. One of the better options is to use crypt(). But why wouldn't we use hash()?

The main reason I am asking this is because I made a password hashing function that wraps crypt() and I am wondering what to name my function. Right now it's named getHash(). But I feel funny using that name since I am wrapping crypt(). If I use getCrypt() that doesn't sound great either because it's meant to be a HASHING function. What should I name my hashing function that wraps crypt()?


Solution

  • Hashing, as used by hash, is meant to verify data (like files), normally as a checksum sort of thing. It is fast, which is why we don't use it for secure data.

    Crypt (when used correctly) uses a slow hashing algorithm. The reason a slow hashing algorithm is important is because it makes it difficult for someone to brute-force the hash. If the slow hashing algorithm takes even 0.1 milliseconds longer than the fast hashing algorithm, then trying 10000 passwords will take a second, and of course, brute-forcing would require millions of tries.
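
Added example, not part of the original question or answer: a sketch of a wrapper around crypt() using its bcrypt mode, with a timing comparison against hash() to show the per-guess cost difference the answer describes. The function names (hashPassword, verifyPassword, timeIt), the cost of 10 and the sample password are assumptions chosen for illustration; it needs PHP 7 or later for random_bytes().

```php
<?php
// Added example; hashPassword, verifyPassword and timeIt are hypothetical names.

// Wrap crypt() with a bcrypt salt string: "$2y$" + two-digit cost + "$" + 22 salt chars.
function hashPassword(string $password, int $cost = 10): string
{
    // 16 random bytes -> base64 -> first 22 chars, mapped into bcrypt's "./0-9A-Za-z" set.
    $salt = strtr(substr(base64_encode(random_bytes(16)), 0, 22), '+', '.');
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    // crypt() signals failure with a short "*0"/"*1" string; a bcrypt result is 60 chars.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not produce a bcrypt hash');
    }
    return $hash;
}

// The stored hash embeds algorithm, cost and salt, so it doubles as the salt argument.
function verifyPassword(string $password, string $stored): bool
{
    // hash_equals() compares in constant time.
    return hash_equals($stored, crypt($password, $stored));
}

// Average seconds per call over $n runs.
function timeIt(callable $fn, int $n): float
{
    $start = microtime(true);
    for ($i = 0; $i < $n; $i++) {
        $fn();
    }
    return (microtime(true) - $start) / $n;
}

$password = 'correct horse battery staple'; // constructed sample input

// One fast general-purpose digest versus one slow password hash.
$fast = timeIt(function () use ($password) { hash('sha256', $password); }, 10000);
$slow = timeIt(function () use ($password) { hashPassword($password, 10); }, 5);

printf("hash('sha256'): %.6f ms per call\n", $fast * 1000);
printf("crypt() bcrypt: %.3f ms per call\n", $slow * 1000);
printf("slowdown per guess: about %.0fx\n", $slow / $fast);

$stored = hashPassword($password);
var_dump(verifyPassword($password, $stored));      // correct password
var_dump(verifyPassword('wrong guess', $stored));  // wrong password
```

Each increment of the bcrypt cost doubles the work per hash, so the slowdown can be raised as hardware gets faster. On PHP 5.5 and later, the built-in password_hash() and password_verify() produce and check crypt()-compatible bcrypt hashes and handle the salt for you.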