Reply To: Try out my first PHP web app!

[__]

PHP 5.5 Password hashing API is just a wrapper for bcrypt().

hehe… sure makes it easier, though.

Im pretty sure the password_hash(‘$password_submitted’, PASSWORD_BCRYPT) automatically gives a unique salt. Is this correct?

Yes, and this is the recommended way to go. Don’t bother with making up your own salts. The only thing you might want to change (eventually) is the cost: time how long it takes to complete, then adjust it until it takes your server about .5 seconds to finish.