Is the new PHP 5.5 password_hash function secure enough for production applications? (That is, if you follow the recommendations regarding cost and not generating your own salt)<p>Are the better alternatives out there for PHP?<p>If someone is using a different BCrypt alternative, should they implement this instead?