
What's the difference between phpass and hash_hmac?

Developer https://www.devze.com 2023-02-15 04:43 Source: the web
I'm trying to store a password in a cookie. Stack Overflow seems to recommend hash_hmac but WordPress uses phpass?

What's the difference from a security perspective and which should be used?


This is a really bad idea. You should use session_start(), which does everything for you, and then you can use $_SESSION to store information about that user. If you store a password hash in the database and use it as a cookie, then you totally undermine the purpose of hashing passwords. An attacker can use SQL injection to obtain the hash and then just log in without having to crack the hash.

WordPress was vulnerable to this a few years ago. That code base has had some very serious security problems.
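The session-based approach the answer recommends, as an added example that is not part of the original post: the cookie carries only a random session ID, and the stored hash is checked server-side with PHP's built-in password_hash()/password_verify() (a choice made for this example). The in-memory $users array, the sample account and the function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a users table: only a password hash is stored.
$users = [
    'alice' => ['id' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

// The session cookie holds a random session ID, never the password or its hash.
session_set_cookie_params([
    'httponly' => true,   // not readable from JavaScript
    'secure'   => true,   // sent over HTTPS only
    'samesite' => 'Lax',
]);
session_start();

function login(array $users, string $name, string $password): bool
{
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    // Issue a fresh session ID on login so a pre-set ID cannot be reused (session fixation).
    session_regenerate_id(true);
    // Authentication state lives on the server; a leaked hash is useless as a cookie value.
    $_SESSION['user_id'] = $user['id'];
    return true;
}

function current_user_id(): ?int
{
    return $_SESSION['user_id'] ?? null;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// Collect results first and print last, so no output precedes the session calls.
$results = [
    'wrong password' => login($users, 'alice', 'wrong'),
    'right password' => login($users, 'alice', 'correct horse'),
    'session user'   => current_user_id(),
];
logout();
var_dump($results);
```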
