1

I have a website which uses SHA1 hashing for passwords. I recently read the following article which argued not to use SHA1 for passwords since SHA1 was never designed to protect passwords: http://arstechnica.com/security/2012/08/passwords-under-assault/4/

Can you please recommend a good hashing method I can implement instead of SHA1 and please provide a link to a tutorial which describes step-by-step how to implement that encryption method using PHP?

Billy ONeal
zeckdude

2 Answers

5

First of all, SHA1 ain't an encryption algorithm, it is a hashing algorithm.

For password hashing, I advise the use of PHPass. It basically uses the best possible hashing algorithm available on the system your code is installed upon.

The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, also supported with our public domain crypt_blowfish package (for C applications), and known in PHP as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, and a last resort fallback to MD5-based salted and variable iteration count password hashes implemented in phpass itself (also referred to as portable hashes).

Bjoern
1

bcrypt or scrypt, however, there is no real implementation of scrypt for PHP. This article is worth reading and should give you all the information you need: http://www.zimuel.it/en/strong-cryptography-in-php/

Daniel M