I read all the forums and tutorials about this password_hash(), which seems to be good for password protection.
But now I want to know whether it is better to create my own salt and hash for a function like
    $options = [
        'cost' => 11,
        'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
    ];
    password_hash($password, PASSWORD_BCRYPT, $options);
Or just let the function do this:
    password_hash($password, PASSWORD_DEFAULT);
There seems to be a lot of discussion about whether it is good or bad to use your salt.
Can someone explain why it's bad (or not) to use your salt?
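An added example, not part of the original question, showing what the second form does with the salt when none is supplied: `password_hash()` generates one per call and stores it inside the returned string, which `password_verify()` reads back. The sample password and the helper name `describe_bcrypt_hash` are constructed for illustration.

```php
<?php
// Constructed sample input; a real application takes this from the login form.
$password = 'correct horse battery staple';

// Hypothetical helper: split a 60-character bcrypt string into its parts.
// Layout: "$2y$" + two-digit cost + "$" + 22-char salt + 31-char digest.
function describe_bcrypt_hash(string $hash): array
{
    if (strlen($hash) !== 60 || $hash[0] !== '$' || $hash[3] !== '$' || $hash[6] !== '$') {
        throw new InvalidArgumentException('not a bcrypt hash string');
    }
    return [
        'prefix' => substr($hash, 0, 4),
        'cost'   => (int) substr($hash, 4, 2),
        'salt'   => substr($hash, 7, 22),
        'digest' => substr($hash, 29),
    ];
}

// No 'salt' option: the function draws a fresh random salt on every call.
// (The 'salt' option was deprecated in PHP 7.0 and is ignored as of PHP 8.0.)
$first  = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
$second = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);

$a = describe_bcrypt_hash($first);
$b = describe_bcrypt_hash($second);

// Same password and cost, but the salts and therefore the stored strings differ.
printf("salt 1: %s\nsalt 2: %s\n", $a['salt'], $b['salt']);
printf("salts differ:  %s\n", var_export($a['salt'] !== $b['salt'], true));
printf("hashes differ: %s\n", var_export($first !== $second, true));

// Verification needs only the stored string; the salt is parsed out of it.
printf("verify first:  %s\n", var_export(password_verify($password, $first), true));
printf("verify second: %s\n", var_export(password_verify($password, $second), true));
printf("wrong password: %s\n", var_export(password_verify('guess', $first), true));

// When the cost policy is raised later, old hashes are detected and
// replaced at the next successful login.
$policy = ['cost' => 12];
if (password_verify($password, $first) && password_needs_rehash($first, PASSWORD_BCRYPT, $policy)) {
    $first = password_hash($password, PASSWORD_BCRYPT, $policy);
    printf("rehashed at cost %d\n", describe_bcrypt_hash($first)['cost']);
}
```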