Have answered many times already . I advise you to read carefully. Also, on the same Habré, there are more recent sane articles: About storing passwords in a database (be sure to read the comments) Correct answers on cryptography: 2018 Directly on your questions: 1. When creating a password hash, generate a random salt. Store the hash + salt in the database. When checking a password, choose a hash + salt from the database, hash the resulting password with a salt, and compare the result with the hash from the database. 3. Each stored password hash has its own unique salt. 4. Salt is generated quite randomly because it
should be difficult to guess . This means that the entropy for this case is taken quite large, and you don’t have to worry about the fact that, purely theoretically, you can generate 2 identical salts. The probability of such a case is approximately comparable to the probability that all the air molecules in your room will take and gather in one corner, that is, it is extremely small (s). And even if you spend the entire supply of luck in your life on such a truly unique case, then nothing terrible and irreparable will happen - well, the attacker will understand that these 2 users have the same password, well, that's all - the passwords are still need to be hacked.
5. Yes, you can. Although the task of hashing passwords and the task of restoring access by token are 2 different tasks, with different given and goals, but the first task is part of the second, because you need to store the fingerprint of the user's secret in the database (which is a temporary recovery token). The algorithm is simple: generate a random temporary recovery token -> write its fingerprint (hash + salt) and lifetime to the database -> send the token to the user -> the user follows the link with the token -> check the validity of the token by its fingerprint and lifetime -> force user to enter a new password. In fact, a recovery token is a one-time temporary password that provides access to set a permanent password.
Well, the traditional advice: use the recommended algorithms (Argon2, Bcrypt, scrypt, etc.) to obtain fingerprints of user secrets, and not your own implementations. Everything is done there under the hood as it should, because there are also enough nuances in this matter (time cost, memory cost, constant time comparisons, etc.).

1. No. The salt can be stored next to the hash in the table
. You can use the same salt for all passwords, but very long
. If not enough, you can attach an immutable user account parameter such as creation date to the salt
3. Either all or none
4. The salt is not random. The salt (or part of the salt) is unambiguously bound to the user's record 5. It's easier to use the user 's
UUID + email link with storing the UUID in the user's record and checking it take on faith