I am searching the internet for what type of hashing algorithm I should use to store passwords in a MySQL database and for sending email confirmation messages with a hashed token. The algorithm should include:
1- at least 14 chars of random salt (using udev random)
2- a key that will be stored on the server
3- a timestamp
4- a very strong and secure hashing algorithm using the function hash_*** (is this the best?)
I haven't found elegant code that works; could you please show me?
Thank you
Follow the examples provided in PHP the Right Way under password hashing:
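    // password.php is the compatibility shim for PHP versions older than 5.5;
    // newer versions ship password_hash() and password_verify() natively.
    require 'password.php';

    // PASSWORD_DEFAULT generates a random salt and embeds it in the returned hash.
    $passwordHash = password_hash('secret-password', PASSWORD_DEFAULT);

    if (password_verify('bad-password', $passwordHash)) {
        // Correct Password
    } else {
        // Wrong password
    }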
DO NOT under any circumstances "invent" your own algorithm. These are notoriously tricky to get right and unless you have a background in cryptography you will almost certainly get it dangerously wrong.
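An added example, not part of the answer above or of PHP the Right Way: the same built-in functions applied to both things the question asks about, with a random confirmation token that is stored only as a SHA-256 digest and checked for expiry. The function names, the in-memory user record and the 24-hour expiry are assumptions; a real application would keep these fields in MySQL columns.

```php
<?php
// Added example: function names and the array "user record" are hypothetical.
const TOKEN_TTL = 86400; // assumed validity window for the link: 24 hours

function registerUser(string $password): array
{
    $token = bin2hex(random_bytes(32)); // 256-bit token from the OS CSPRNG (PHP 7+)
    return [
        'emailToken' => $token, // goes in the confirmation link, never in the database
        'record' => [
            // password_hash() creates the salt itself and embeds it in its output
            'password_hash' => password_hash($password, PASSWORD_DEFAULT),
            'token_hash'    => hash('sha256', $token), // store only a digest
            'token_expires' => time() + TOKEN_TTL,
            'confirmed'     => false,
        ],
    ];
}

function confirmEmail(array &$record, string $tokenFromLink): bool
{
    if ($record['confirmed'] || time() > $record['token_expires']) {
        return false; // already used or expired
    }
    // hash_equals() compares in constant time
    if (!hash_equals($record['token_hash'], hash('sha256', $tokenFromLink))) {
        return false;
    }
    $record['confirmed'] = true;
    return true;
}

function login(array &$record, string $password): bool
{
    if (!password_verify($password, $record['password_hash'])) {
        return false;
    }
    // Upgrade the stored hash when PASSWORD_DEFAULT or its cost changes
    if (password_needs_rehash($record['password_hash'], PASSWORD_DEFAULT)) {
        $record['password_hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample run
$r = registerUser('secret-password');
$user = $r['record'];
var_dump(confirmEmail($user, 'not-the-token'));
var_dump(confirmEmail($user, $r['emailToken']));
var_dump(login($user, 'secret-password'), login($user, 'bad-password'));
```

The PHP manual recommends a 255-character column for the `password_hash()` result, since the output length can grow when the default algorithm changes.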