I've been reading all kinds of forums and tutorials about this password_hash()
that seems to be good for password protection.
But now I want to know if it's better to make my own salt and hash for the function like
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
password_hash($password, PASSWORD_BCRYPT, $options);
Or just let the function do it:
password_hash($password, PASSWORD_DEFAULT);
There seems to be a lot of discussion about whether or not it's good or bad to use your own salt.
Can somebody explain why it's bad (or not) to use your own salt?
Because if you don't create your own salt, it will create a secure salt automatically for you.
From the documentation:
Caution
It is strongly recommended that you do not generate your own salt for this function. It will create a secure salt automatically for you if you do not specify one.
So, to answer your question, if you don't know more about salts and so on... just don't use your own salt, this function is strong enough!
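An added example, not part of the original question or answer, showing what letting the function generate the salt looks like in practice: each call produces a different hash for the same password, password_verify() reads the salt back out of the stored string, and password_needs_rehash() upgrades old hashes at login. The helper names (hashPassword, verifyAndUpgrade) and the sample password are hypothetical; the cost of 11 is taken from the question.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; only the password_* calls are PHP built-ins.
// Cost 11 comes from the question. There is deliberately no 'salt' key.
// The 'cost' option applies because PASSWORD_DEFAULT is bcrypt at the time of writing.
const HASH_OPTIONS = ['cost' => 11];

function hashPassword(string $password): string
{
    // password_hash() draws a fresh random salt on every call and embeds
    // the algorithm, cost and salt in the string it returns.
    return password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS);
}

function verifyAndUpgrade(string $password, string &$storedHash): bool
{
    // password_verify() extracts algorithm, cost and salt from $storedHash,
    // so no separate salt column is needed.
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // If the stored hash was made with a weaker cost or an older algorithm,
    // replace it now while the plaintext is available.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, HASH_OPTIONS)) {
        $storedHash = hashPassword($password);
    }
    return true;
}

$password = 'correct horse battery staple'; // constructed sample input

// Two hashes of the same password: each call gets its own salt.
$first  = hashPassword($password);
$second = hashPassword($password);
echo "hashes identical: ", var_export($first === $second, true), PHP_EOL;
echo "both verify:      ", var_export(
    password_verify($password, $first) && password_verify($password, $second),
    true
), PHP_EOL;

// A constructed "old" record hashed with a low cost, then upgraded at login.
$stored = password_hash($password, PASSWORD_BCRYPT, ['cost' => 4]);
echo "cost before login: ", password_get_info($stored)['options']['cost'], PHP_EOL;
echo "login accepted:    ", var_export(verifyAndUpgrade($password, $stored), true), PHP_EOL;
echo "cost after login:  ", password_get_info($stored)['options']['cost'], PHP_EOL;
echo "wrong password:    ", var_export(verifyAndUpgrade('wrong guess', $stored), true), PHP_EOL;
```

The 'salt' option shown in the question is deprecated as of PHP 7.0 and ignored as of PHP 8.0, so the automatic salt is the only behaviour on current versions.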