Why not SHA-256
SHA-256 too fast. GPU: 10^10 hashes/sec. bcrypt cost 12: ~4 hashes/sec/core. Orders of magnitude slower for defender AND attacker.
Advertisement
bcrypt
Blowfish-based. Cost parameter. Salt built in. Standard for 20+ years. Still fine, no memory-hardness.
Advertisement
scrypt
Memory-hard. GPU/ASIC attackers need proportional memory. Adjustable N (memory), r (block size), p (parallelism).
Argon2id
Winner of Password Hashing Competition 2015. Argon2id balances side-channel + GPU resistance. Recommended for new applications.