I need to secure my password and here are my questions.
1. What is the best method of making a salt? I have seen enough arguments for not using user info but rather random values.
2. How do I know user salt if I used random one? Should I store on password database? If yes isn't it added advantage to a hacker.
3. Which hashing algorith is better? MD5 hash? SHA1 or what??