Should we use 'password_hash()' to protect passwords in the OBD?
I see there are two options, more or less to protect the user passwords located in the MySQL OBD in case of illegal entry.
1. Option:We're connecting the user. password+salt, the data obtained are scrambled through the encryption method XOR We're talking about a key word, and it's all on a hex code. SHA256♪
Shifre XORstored in a folder closed, one level above the original site element. Salt and SHA256 - in the OBD.
2. Option:Use standard function password_hash() and password_verify() and don't do anything else.
Tell me if you should use it. password_hash, or it's best to make it happen. First option?
Read it, it's pretty good information. http://php.net/manual/ru/faq.passwords.php