Possible Duplicate:
Is “double hashing” a password less secure than just hashing it once?
What do I gain by doing it? It slows hashing... does it automatically reduce possibility to somehow find out password from hash?
$password = '123456';
$iterations = 8;
$is_first = true;
for ($i = 0; $i < $iterations; ++$i) {
if ($is_first === true) {
$hashed_password = hash('sha256', $password);
} else {
$hashed_password = hash('sha256', $hashed_password);
}
$is_first = false;
}
If the answer is yes... how many iterations would be optional?
What other options of improving passwords security would you recommend (except salt and peanuts)?
Slowing hashing is good.
If an enemy gets your password hashes, you want him to be forced to take a long time to try each hash.