Open julfo opened 12 years ago
What would you recommend?
In an ideal world, Scrypt. But, sadly, this is not an ideal world, and there doesn't appear to be a pure PHP implementation of Scrypt (of course you could wrap some C++ for PHP compatibility, but the issue with doing this is a: some hosts probably wouldn't support it, and b: there is the potential for more security flaws to be introduced wrapping external functions in such a fashion). Wow, what a long sentence.
Instead of using Scrypt then, the next best thing is BCrypt. BCrypt can easily be implemented in recent versions of PHP which include built-in Blowfish algorithm support (I'll let you research how to implement it). The nice thing about Bcrypt is that it's slow as hell (and you can make it as slow as you want really). This means that, should someone get hold of your database, it will take ages to break each hash. Bcrypt is also easily scaled to be Moore's Law-proof. This is where SHA256 (and all of the candidates for SHA3, too) fail: they are so damn fast. The problem is, the "SHA-X" family is designed, primarily, to basically be an incredibly lossy compression algorithm; it simply takes data and makes it smaller. It is designed with speed in mind (I can calculate 1030 million sha256 hashes PER SECOND on my computer, which isn't even designed to be breaking hashes). While this gives the benefit of completely and irreversibly obfuscating data, there is still the issue that, without being designed specifically to provide security, these functions WILL have security flaws. Look at where MD5 and SHA-1 ended up.
Basically, use BCrypt unless you fancy wrapping a C/C++ function in PHP and (potentially) alienating some of your users.
Essay over.
But is it really the best option, security-wise?
(Hint: The answer is no.)
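
The tunable slowness and cost scaling described in the post above, as an added example that is not part of the original post or the project's code: it uses PHP's built-in `password_hash()` API (PHP 5.5+, with PHP 7.1+ syntax here). The helper names, the 100 ms budget and the sample password are assumptions made for illustration.

```php
<?php
const TARGET_MS = 100; // assumed per-hash time budget on the login server

// Find the lowest bcrypt cost whose hashing time meets the budget on this machine.
function calibrate_cost(int $targetMs, int $min = 10, int $max = 16): int
{
    for ($cost = $min; $cost < $max; $cost++) {
        $start = microtime(true);
        password_hash('calibration-input', PASSWORD_BCRYPT, ['cost' => $cost]);
        if ((microtime(true) - $start) * 1000 >= $targetMs) {
            break;
        }
    }
    return $cost; // equals $max if no cost below it reached the budget
}

// Check a login attempt; if the stored hash was made with a cost other than the
// current one, return a fresh hash so the caller can update the database row.
function verify_and_upgrade(string $password, string $storedHash, int $cost): array
{
    // password_verify() reads the cost and salt from the hash string itself
    // and compares in constant time.
    if (!password_verify($password, $storedHash)) {
        return [false, $storedHash];
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => $cost])) {
        $storedHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    }
    return [true, $storedHash];
}

$cost = calibrate_cost(TARGET_MS);

// Constructed sample: a hash created years ago with a deliberately low cost.
$password = 'correct horse battery staple';
$oldHash  = password_hash($password, PASSWORD_BCRYPT, ['cost' => 4]);

[$ok, $newHash] = verify_and_upgrade($password, $oldHash, $cost);
[$bad]          = verify_and_upgrade('wrong guess', $oldHash, $cost);

echo "calibrated cost: $cost\n";
echo "old cost: ", password_get_info($oldHash)['options']['cost'], "\n";
echo "new cost: ", password_get_info($newHash)['options']['cost'], "\n";
echo "correct password accepted: ", var_export($ok, true), "\n";
echo "wrong password accepted: ", var_export($bad, true), "\n";
```

Raising the cost by one doubles the work per hash, so re-running the calibration on newer hardware and rehashing at login keeps stored hashes slow to attack. `PASSWORD_BCRYPT` truncates input at 72 bytes, which matters if long passphrases are allowed.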