Well, is sha512 more unbroken than sha256?

My server supports md2, md4, md5, sha1, sha224, sha256, sha384, sha512 … well, is sha512 more unbroken than sha256?
(I am a reader of the SitePoint book by Lorna, “PHP Master: Write Cutting-edge Code”, but it only refers to sha256…)
Is this correct usage?


<?php
$salt = '378570bdf03b25c8efa9bfdcfb64f99e';
$hash = hash_hmac('sha512', $_POST['password'], $salt);
$query = 'SELECT user_id FROM users WHERE username = ? AND password = ?';
$statement = $pdo->prepare($query);
$statement->execute(array($_POST['username'], $hash));

You should use the password_hash() function in PHP for password processing and save all of those other hash functions for what they are really intended for - testing whether a file is unchanged between two occasions where a hash of the file is produced - even the smallest unnoticeable change to the file will result in an entirely different hash.

To test a password use the following (where $password is the plain text password received and $hash is the saved copy from the database):

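if (password_verify($password, $hash)) {
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $hash = password_hash($password, PASSWORD_DEFAULT);
        /* Store new hash in db */
    }
}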

Use just the password_hash() call to set the value to save for the password in the first place.
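The two snippets in this thread combined into one flow, as an added example that is not part of either post: because password_hash() embeds a fresh random salt in every result, the stored value cannot be matched with `AND password = ?` as in the question, so the row is fetched by username and checked with password_verify(). The in-memory SQLite database (requires pdo_sqlite), the register()/login() helper names and the sample credentials are assumptions made for the demo; the table and column names follow the question.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite stands in for the real one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Hypothetical helper: store a new user with a salted, slow password hash.
function register(PDO $pdo, string $username, string $password): void
{
    // The returned string carries the algorithm, cost and random salt,
    // so no separate salt column or hard-coded salt is needed.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
        ->execute([$username, $hash]);
}

// Hypothetical helper: return the user_id on success, null on failure.
function login(PDO $pdo, string $username, string $password): ?int
{
    // Select by username only; the hash is verified in PHP, not in SQL.
    $stmt = $pdo->prepare('SELECT user_id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }

    // Re-hash transparently when PHP's default algorithm or cost has moved on.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $pdo->prepare('UPDATE users SET password = ? WHERE user_id = ?')
            ->execute([password_hash($password, PASSWORD_DEFAULT), $row['user_id']]);
    }

    return (int) $row['user_id'];
}

// Constructed sample credentials.
register($pdo, 'alice', 'correct horse battery staple');

var_dump(login($pdo, 'alice', 'correct horse battery staple'));
var_dump(login($pdo, 'alice', 'wrong password'));
var_dump(login($pdo, 'nobody', 'whatever'));
```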