Why not SHA-256

SHA-256 too fast. GPU: 10^10 hashes/sec. bcrypt cost 12: ~4 hashes/sec/core. Orders of magnitude slower for defender AND attacker.

Advertisement

bcrypt

Blowfish-based. Cost parameter. Salt built in. Standard for 20+ years. Still fine, no memory-hardness.

Advertisement

scrypt

Memory-hard. GPU/ASIC attackers need proportional memory. Adjustable N (memory), r (block size), p (parallelism).

Argon2id

Winner of Password Hashing Competition 2015. Argon2id balances side-channel + GPU resistance. Recommended for new applications.