As we know, md5 is totally unsafe these days and i wonder if the default password_hash() has already been cracked?
Could you tell me what hashing algorithm does it use in the default?
And what are the best hashing algorithms to this day (for password storing).
Thanks.
I would recommend using the password_hash() algorithm. It uses the Blowfish password algorithm by default (but you can change it). The salt option of this of the method is now deprecated in php 7.0.0 and uses the salt that is automatically generated.
for more information, go have a look at: http://php.net/manual/en/faq.passwords.php http://php.net/manual/en/function.password-hash.php