This question already has an answer here:
Excuse my knowledge because I am still learning to code on my own and not an expert.
I use crypt with blown fish $2a$10$, My secured password will show this for instance, $2a$10$137276602359697140be5eISqj55.fGmbUo4PEZoLRpWmxspLiWJK
As it starts with $2a$10 they will know the way I used, will it affect me? Can they->hackers even do anything with my secured password as I use random salt/key hashed and encrypted? (Rainbow tables).
Because I got scared after I saw this Password IMAGE
Finally, last question. Heard that loops make it longer/slower to get password results during an attack but, what does it do to $hash? Maximum loop limit ? Does it have any side-affects?
for($i = 0; $i < 100000; $i++) {
$hash = crypt('sha512', $hash);
}
Thanks for reading, every answer will be much appreciated. Best regards, Mr Pro Pop!
</div>
Behind this wall of text what I understood is that you are looking for the proper way to encode a password for storage in database.
Use the password_hash() and password_verify() functions to properly build a hash.
They rely on the BCrypt algorithm by default, which implements natively a salt plus a repetition of encoding on an exponential level, ensuring that passwords are slower to crack.
Don't bother going complex ways, this road is properly standard in PHP and you should stay on this road.
Edit:
Note for your updated question: yes for the attackers knowing the algorithm helps a little bit, but it is not preventing any attack to remove that portion of the hash.
As soon as your hashes are leaked, the real problem is on why are they leaked. Most probably any modification you perform to the hash will be written in the source code and can't be a real secret.
Stay on the road, stay safe.