Checked a lot of tutorials and guides about Encrypting and Hashing on StackOver and I do now understand the difference between both of them. Encryption when we need decryption. Hash when you don't (e.g: passwords).
But my question today is, for generating random unique tokens. A lot of people recommend using base64_encode(rand_bytes(32)); because it generates a secure cryptographical id with random bytes/letters so it takes a long time to be cracked by a brute force ( to be predicted ).
But when you, for example, hash_hmac or crypt that id will it make it weaker? If so it won't matter if you use mt_rand or random_bytes as it will generate other letters/id. So what do you guys recommend?
Also, Is crypt better than hash_hmac for hashing?
The last question, Since blowfish has a really strong hashing algorithm, do I need to store my, for example, PHPSESSID or CSRF token with it or just a normal random_bytes?
Please guys, provide me with detailed information about these questions or documentation. Sorry for my lack of information and inexperience, I am new to PHP coding and thanks!
Edit: I have seen some guides on SO, not covering all my questions, so I need a 2017 detailed information not a 10 years ago post where md5 was the best etc..!