[eluser]Jondolar[/eluser]
Another security option is to encode your code with either Zend or IonCube so if your code is stolen, your hashing algorithm can't be easily deciphered.
Some things to remember:
1. Using a salt requires 1 rainbow table to crack most, if not all, of the passwords in your table
2. Using a random salt per record requires 1 rainbow table per record to crack 1 record and the rainbow table must be rebuilt for each record.
3. Setting someone's password for them and not allowing them to change it requires them to write it down every time. Not one person in the world has ever, ever remembered a randomly generated password (well, there was one guy in Toledo back in '97). Every password in your database will be written down without fail or saved in an email forever. Don't do that.
4. Requiring the password to have upper/lower/numbers/specials and length requires the absolute most effort from a cracker and "most" users already have a remembered password with complex requirements.
In conclusion:
1. Put strong requirements on your passwords (it's been said many times before).
2. Hash with a random salt per record.
3. Other things to consider AFTER you do the above are obfuscating your code, obfuscating the random salt field, etc.
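
The difference between a single salt and a random salt per record (points 1 and 2 in the post above), shown as an added example that is not part of the original post. The account names, passwords, candidate list and the use of SHA-256 are constructed assumptions chosen to keep the salt mechanics visible.

```php
<?php
// Constructed sample data: three accounts, two of which share a password.
$users = ['alice' => 'Summer2024!', 'bob' => 'Summer2024!', 'carol' => 'Tr0ub4dor&3'];
// Constructed candidate list standing in for the input of a precomputed table.
$candidates = ['password1', 'Summer2024!', 'letmein', 'Tr0ub4dor&3'];

// SHA-256 is an assumption of this example, used to keep the salt effect visible.
function salted_hash(string $salt, string $password): string
{
    return hash('sha256', $salt . $password);
}

// A precomputed table (hash => password) is only valid for one salt value.
function build_table(string $salt, array $candidates): array
{
    $table = [];
    foreach ($candidates as $c) {
        $table[salted_hash($salt, $c)] = $c;
    }
    return $table;
}

// Scheme 1: a single site-wide salt, stored once.
$siteSalt = bin2hex(random_bytes(16));
$shared = [];
foreach ($users as $name => $pw) {
    $shared[$name] = salted_hash($siteSalt, $pw);
}

// Scheme 2: a fresh random salt stored next to each record.
$perRecord = [];
foreach ($users as $name => $pw) {
    $salt = bin2hex(random_bytes(16));
    $perRecord[$name] = ['salt' => $salt, 'hash' => salted_hash($salt, $pw)];
}

// Shared salt: one table covers every row, and equal passwords show up as equal hashes.
$table = build_table($siteSalt, $candidates);
$hits = count(array_filter($shared, fn($h) => isset($table[$h])));
printf("shared salt: 1 table built, %d of %d rows matched\n", $hits, count($shared));
printf("same hash for alice and bob: %s\n", var_export($shared['alice'] === $shared['bob'], true));

// Per-record salt: the table must be rebuilt for each row's salt.
$tablesBuilt = 0;
foreach ($perRecord as $row) {
    build_table($row['salt'], $candidates);
    $tablesBuilt++;
}
printf("per-record salt: %d tables built for %d rows\n", $tablesBuilt, count($perRecord));
printf("same hash for alice and bob: %s\n",
    var_export($perRecord['alice']['hash'] === $perRecord['bob']['hash'], true));
```

PHP's built-in `password_hash()` generates a random salt for every call and stores it inside the returned string, so it gives the per-record behaviour without a separate salt column.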