PHP.net says that md5() and sha1() unsuitable for password?

Question

http://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash

I\'m storing user passwords in a MySQL database in hash form. Does this mean that it is unsafe to d

Answer 1

Has been answered many times before. You can use something like SHA-256 http://php.net/manual/en/function.hash.php but you should also salt the password before hashing it and you can iteratively hash the password - so in the unlikely event it is cracked it will only reveal another hash (in other words, cracking the password takes much longer).