echo password_hash("password", PASSWORD_BCRYPT);
echo password_hash("password", PASSWORD_DEFAULT);
Why are common hashing functions such as md5() and sha1() unsuitable for passwords?
Hashing algorithms such as MD5, SHA1 and SHA256 are designed to be very fast and efficient. With modern techniques and computer equipment, it has become trivial to "brute force" the output of these algorithms, in order to determine the original input.
Because of how quickly a modern computer can "reverse" these hashing algorithms, many security professionals strongly suggest against their use for password hashing.
$hashed_password = crypt('password');
if (hash_equals($hashed_password, crypt($_POST['password'], $hashed_password))) {
echo "Password verified!";
}