Hello,

I'm relatively new to PHP. Currently I'm using md5() to hash and store passwords. Something like:

Code:
$salt = 'SomeSaltString'; //fixed salt
$password = 'SomePassword';
$pass = md5($salt . $password);

According to the PHP manual, crypt() with Blowfish is the way to go [unless you think my md5() hashing method above is sufficient]:

Code:
$hash = crypt('SomePassword', '$2a$07$StrThatIs21Characters$');
//output: $2a$07$StrThatIs21Characters.GDZ.DtvzhBXbOr3S5W68Rh5PFgnomoq

However, I don't quite understand how to implement this correctly. A few questions:

1]. $2a indicates strength level?
2]. $07 something to do with round trips? Please elaborate further on this...
3]. StrThatIs21Characters$ - salt needs to be 22 chars in length including the $. Should this be a fixed salt?? I'm getting conflicting info on this...

These are the important implementation questions:

4]. What part of the output should be stored in the database [in the password column]?
5]. What data type best suits the password column? Perhaps nvarchar?
6]. How should a login attempt be verified when using this method?

Many thanks!
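
The storage and login-check flow asked about in questions 4 to 6, as an added example that is not part of the original post: it hashes with crypt() in Blowfish (bcrypt) mode using a fresh random salt per password, then verifies an attempt against the stored string. The function names, the cost of 10 and the sample passwords are assumptions made for illustration; it assumes PHP 7 or later for random_bytes().

```php
<?php
// Added example, not code from the original post.
// hash_password() and verify_password() are hypothetical helper names.

const BCRYPT_COST = 10; // assumed work factor: log2 of the iteration count (04-31)

// Build a bcrypt hash with a new random salt for every password.
function hash_password(string $password): string
{
    // 16 random bytes -> base64 -> first 22 chars, mapped onto bcrypt's
    // salt alphabet (./A-Za-z0-9) by replacing '+' with '.'.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);

    // "$2y$" selects the Blowfish/bcrypt scheme, "10" is the cost.
    $setting = sprintf('$2y$%02d$%s', BCRYPT_COST, $salt);

    $hash = crypt($password, $setting);

    // On failure crypt() returns a short marker such as "*0",
    // never a full 60-character bcrypt string.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash; // store the whole string; it is 60 ASCII characters
}

// Check a login attempt against the stored 60-character string.
function verify_password(string $attempt, string $stored): bool
{
    if (strlen($stored) !== 60) {
        return false; // not a bcrypt hash, refuse rather than compare
    }
    // The stored string carries scheme, cost and salt, so passing it as
    // the second argument makes crypt() recompute with the same parameters.
    $candidate = crypt($attempt, $stored);

    // Constant-time comparison avoids leaking how many bytes matched.
    return hash_equals($stored, $candidate);
}

// Constructed sample values.
$stored = hash_password('SomePassword');
var_dump(strlen($stored));
var_dump(verify_password('SomePassword', $stored));
var_dump(verify_password('WrongPassword', $stored));
```

PHP 5.5 and later also ship password_hash() and password_verify(), which perform the same salt generation and comparison internally. bcrypt only uses the first 72 bytes of the password.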