Atif Shahab Qureshi - 2015-12-22 17:40:03 - In reply to message 2 from jimmydorry
First of all, thank you so much for sharing your knowledge. Now, I have just mentioned there that passwords must be hashed using at least SHA1 or a stronger hashing algorithm. It means that SHA1 is the least preferred choice. SHA1 and MD5 have limitations too. What I meant was passwords should always be validated using encrypting functions.
Manuel Lemos - 2015-12-22 18:41:29 - In reply to message 4 from Atif Shahab Qureshi
Yes, password_hash is more recommended not just because it uses stronger hashing algorithms but also because there is a cost factor that determines how many times the hashing should be applied, thus making it much more expensive to compute the hashes and find the original password with brute force methods.
The only matter about password_hash is that it requires PHP 5.5 and not everybody is on that PHP version yet.
Anyway, as moderator I have changed the text to not recommend SHA1 at all because sooner or later everybody will be using PHP 7.
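
An added example, not part of the original thread: one way to move stored SHA1 password digests to `password_hash` with an explicit cost factor, upgrading each record at the user's next successful login. It assumes PHP 7.1 or later and that legacy records are unsalted 40-character hex SHA1 digests; `COST`, `hash_password` and `verify_and_upgrade` are hypothetical names, and the sample password is constructed.

```php
<?php
// Assumed work factor; raise it until one hash takes roughly as long as
// your login path can tolerate on production hardware.
const COST = 12;

function hash_password(string $password): string
{
    // bcrypt stores the algorithm, cost and salt inside the returned string.
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => COST]);
}

/**
 * Check a login attempt against a stored value.
 * Returns [bool $ok, ?string $newHash]; when $newHash is not null the
 * caller should write it back to the user's record.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    // Assumption: legacy rows hold a bare lowercase hex SHA1 digest.
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        // hash_equals compares in constant time.
        $ok = hash_equals($stored, sha1($password));
        return [$ok, $ok ? hash_password($password) : null];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }

    // Rehash when the stored cost is lower than the current COST.
    $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => COST]);
    return [true, $stale ? hash_password($password) : null];
}

// Constructed sample data: a legacy SHA1 record and a low-cost bcrypt record.
$legacy  = sha1('correct horse battery');
$lowCost = password_hash('correct horse battery', PASSWORD_BCRYPT, ['cost' => 8]);

foreach (['legacy sha1' => $legacy, 'bcrypt cost 8' => $lowCost] as $label => $stored) {
    [$ok, $new] = verify_and_upgrade('correct horse battery', $stored);
    $cost = $new === null ? 'unchanged' : password_get_info($new)['options']['cost'];
    printf("%-14s ok=%s upgraded cost=%s\n", $label, var_export($ok, true), $cost);
}

// A wrong password never triggers a rehash.
var_dump(verify_and_upgrade('wrong guess', $legacy));
```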