I want to use a blowfish crypt() in PHP but I am scared that I will use a wrong salt. Is there something like a wrong salt? And is a salt that is for instance 2020352352 worse than salt that is lkfjaslj5l3k? I know you should put something random in it and I am planning on doing that.
Why reinvent the wheel?
password_hash() uses a strong hash, generates a strong salt, and applies proper rounds automatically. password_hash() is a simple crypt() wrapper and compatible with existing password hashes. Use of password_hash() is encouraged. Source: Crypt - PHP Manual
If you want to use blowfish:
PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to create the hash.
The salt that you can pass through the (array) $options argument is optional; if omitted, password_hash() will automatically create a salt. You can count on password_hash() coming up with a good enough salt, i.e. secure.
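What the answer describes, as an added example (not part of the original post or of the PHP manual): password_hash() with PASSWORD_BCRYPT and no salt option, followed by the stored hash taken apart and checked. The sample password, the cost values and the helper splitBcrypt() are assumptions made for illustration.

```php
<?php
// Added example; the password is a constructed sample value.
$password = 'correct horse battery staple';

// No 'salt' option: password_hash() draws a random salt itself.
// (A caller-supplied salt is deprecated since PHP 7.0 and ignored since PHP 8.0.)
$options = ['cost' => 12];
$hashA = password_hash($password, PASSWORD_BCRYPT, $options);
$hashB = password_hash($password, PASSWORD_BCRYPT, $options);

// Same password, two independent random salts: the stored strings differ.
var_dump($hashA !== $hashB);

// Hypothetical helper. bcrypt output layout:
// "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest (60 chars total).
function splitBcrypt(string $hash): array
{
    $pattern = '~^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$~';
    if (!preg_match($pattern, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return [
        'variant' => $m[1],
        'cost'    => (int) $m[2],
        'salt'    => $m[3],
        'digest'  => $m[4],
    ];
}
print_r(splitBcrypt($hashA));

// Verification reads variant, cost and salt back out of the stored hash,
// so the salt never needs its own database column.
var_dump(password_verify($password, $hashA));
var_dump(password_verify('wrong guess', $hashA));

// password_hash() wraps crypt(): passing the stored hash as crypt()'s
// salt argument reproduces the same string.
var_dump(hash_equals($hashA, crypt($password, $hashA)));

// Upgrade path: when the cost policy rises, rehash at the next successful login.
$policy = ['cost' => 13];
if (password_needs_rehash($hashA, PASSWORD_BCRYPT, $policy)) {
    $hashA = password_hash($password, PASSWORD_BCRYPT, $policy);
}
var_dump(splitBcrypt($hashA)['cost']);
```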