Possible Duplicate:
Is “double hashing” a password less secure than just hashing it once?
What do I gain by doing it? It slows hashing... does it automatically reduce possibility to somehow find out password from hash?
$password = '123456';
$iterations = 8;
$is_first = true;
for ($i = 0; $i < $iterations; ++$i) {
if ($is_first === true) {
$hashed_password = hash('sha256', $password);
} else {
$hashed_password = hash('sha256', $hashed_password);
}
$is_first = false;
}
If the answer is yes... how many iterations would be optional?
What other options of improving passwords security would you recommend (except salt and peanuts)?