Best methodology for encrypting a password

Question

I read so many articles left and right about password encryption but it seems that they are mostly 2-4 years old.

I wonder if there have been new findings on what methodology has already been cracked and mainly what's the more secured way to encrypt a password for user logins on a public website today in 2013.

The main goal is to do a ONE WAY (not decryptable) secured encryption so using hash or not, using salt or not, that's what I'm hoping to learn here.

======================
Other question:
Does it make sense to change the SALT for each password instead of using the same one for all?

Answer 1

Here is an excelent site that talks about password hashing. I think it covers all of your questions: https://crackstation.net/hashing-security.htm

Answer 2

Does it make sense to change the SALT for each password instead of using the same one for all

A salt needs to be a different random string for each and every password.
Note the word random.
Usernames, the system clock and other low entropy data is not advisable.

using salt or not,

Hashing password without using a salt leaves you open to parallelization of the attack.
Not only does it allow rainbow tables, but it also allows the attacker to hash easy to guess passwords and compare the hash against all entries in the database.
This means that an unsalted database with 1,000,000 records in a million times easier to crack than one with 1 entry.
-Not good-

Read up on the subject at security.stackexchange
The leading expert on these subjects stalks the ranks at https://security.stackexchange.com

The canonical answer to your question is here: https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords

Thomas Pornin is a well known cryptographer and writes very informative, insightful and entertaining answers; check out his user profile. https://security.stackexchange.com/users/655/thomas-pornin

And don't miss out on the Chimps.