Most importantly, if you're using hashing for password hasing, you should use key stretching, as using just one hash iteration is far too fast - and more importantly, is very likely to be much faster on an attacker's hardware than it is on your own (see empirical example, below), even if the attacker is a bored teenager with a single gaming video card. PBKDF2 (also known as PKCS #5 v2.0 and RFC2898), BCRYPT, and SCRYPT are all examples of this, and sufficient numbers of itertaions need to be chosen.
Per NIST SP800-131A, http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf SHA-1 is Disallowed for digital signature generation after 2010, Legacy-Use for digital signature verification after 2010, but remains Acceptable for non-digital signature use with no end date given. Therefore, if NIST special publications matter to you, you need to pay attention to what your use case is.
Note that SHA-512 uses 64-bit words vs. the 32-bit words fo SHA-256, and thus at this time, an attacker computing SHA-512 on graphics cards does not have as much of an advantage as computing SHA-256 on said graphics cards.
As an empircal example, oclHashcat-lite with a single Radeon 7970 v0.15 computes about 1.1 billion (with a B) SHA-256 tries per second, but only about 81 million (with an M) SHA-512 tries per second. Note that the same system computes about 2.8 billion (with a B) SHA-1 tries per second, and 8.2 billion (with a B) MD5 tries per second. As a contrast, oclHashcat-plus v0.15 on similar hardware computes WPA2 at 133 thousand (with a T) tries per second. WPA2 is defined as PBKDF2(HMAC−SHA1, passphrase, ssid, 4096, 256).
Note that multiple graphics cards can be put in a single machine for roughly linear speed increases, and multiple machines can likewise be used for linear speed increases.
For password storage, see https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
