Best PHP hashing method for storing user passwords in a MySQL table?

半阙折子戏 2021-02-05 22:57

I've been reading Stack Overflow questions for about 15 minutes now and every single one seems to contradict the previous one I read. Bcrypt, SHA1, MD5, and so on. I currently

6 answers
  •  天涯浪人
    2021-02-05 23:23

    The reason you see contradictory answers is because there is no right one. You should use the most secure method that your application can support. More secure = more overhead.

    MD5 has been broken and cracked.

    According to this article, SHA1 is broken. However, it has not yet been cracked.

    bcrypt has not (to the best of my knowledge) been found to be broken.

    Given enough CPU cycles, any hashing or encryption algorithm can eventually be circumvented. Your decision should balance the security of your data with the performance of your application.

    Given those caveats, bcrypt is the de facto standard at this time. It is designed for strength, not speed, and is not known to be broken. For an index of information about bcrypt, see the bcrypt article on Wikipedia.
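
As an added example (not part of the answer above or of the original question), this is bcrypt storage through PHP's built-in `password_hash()` API, with the cost chosen by timing so the security/overhead balance the answer describes becomes a measured setting. The `$users` array standing in for the MySQL table, the function names and the 0.1 s budget are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the MySQL users table: username => password hash.
// In MySQL, keep the hash in a VARCHAR(255) column; bcrypt output is 60 characters today.
$users = [];

/** Highest bcrypt cost whose hashing time stays within the budget on this server. */
function calibrateCost(float $budgetSeconds = 0.1, int $min = 10, int $max = 15): int
{
    $cost = $min;
    for ($c = $min; $c <= $max; $c++) {
        $start = microtime(true);
        password_hash('benchmark-only', PASSWORD_BCRYPT, ['cost' => $c]);
        if (microtime(true) - $start > $budgetSeconds) {
            break; // this cost is too slow for the budget; keep the previous one
        }
        $cost = $c;
    }
    return $cost;
}

function register(array &$users, string $name, string $password, int $cost): void
{
    // password_hash() generates a random salt and embeds algorithm, cost and salt in its output.
    $users[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

function login(array &$users, string $name, string $password, int $cost): bool
{
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // Re-hash while the plaintext is available if the stored cost differs from the target.
    if (password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => $cost])) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    }
    return true;
}

$cost = calibrateCost();
register($users, 'alice', 'correct horse battery staple', 10); // constructed sample account
var_dump(login($users, 'alice', 'wrong password', $cost));
var_dump(login($users, 'alice', 'correct horse battery staple', $cost));
var_dump(password_get_info($users['alice'])['options']['cost'] === $cost);
```

bcrypt only uses the first 72 bytes of the password, so longer inputs are silently truncated.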
