The most common and secure functions I came across were sha256/512 , bcrypt , HMAC , PBKDF2(Password-Based Key Derivation Function) and PHPass.
From what I've been reading speed is an enemy (http://codahale.com/how-to-safely-store-a-password/)
So I've been looking for the "slowest" secure hashing algorithm which I found is bcrypt and PHPass (http://www.openwall.com/phpass/).
Now I can't make up my mind which one to use.
What do you guys think? Which one should I go with and why?
Just to make sure:
1. bcrypt = crypt_blowfish right ?
2. bcrypt and PHPass are both hash + salt functions ? I mean I don't have to add salt, they already have the salt function built-in.
Thanks in advance!