pgcrypto and password hashing

I'm thinking about my choices regarding how to store passwords in Postgres.

One such option is to use pgcrypto. Reading their docs, I see that their crypt and gen_salt functions do not use sha256 but instead use custom version of the cryptographically broken md5. Why would Postgres developers use such a hashing algorithm for their password storing module given that it's not secure?

I suppose I should use, instead of the broken (at least in my eyes) pgcrypto module, the built in binary function sha256 together with a random salt.

Use a good password hash that slows down guesses. If you prefer to keep pgcrypto its best crypt() is currently bf, aka bcrypt based on Blowfish.

Or select an alternative that is known to cryptographers and has well tested implementations. Note this could be in application code. crypt() as a DBMS function is convenient but not required.

Feel free to crack your own password hashes, to show how many guesses per second is practical.

Outdated md5 and des algorithms exist because PostgreSQL is old. Password hashes still exist in tables somewhere, not updated yet because their users have not logged in for many years.

I suppose I should use, instead of the broken (at least in my eyes) pgcrypto module, the built in binary function sha256 together with a random salt.

Do not roll your own password hash algorithm. sha256 is a fast hash, the opposite of what a password needs.