Why so impossible? They somehow do it. Usually they take a password
from user, concat some unique to particular PC information to it,
calculate something like SHA-256 hash from the result, then store the
hash. Original password is rather hard even for your MI5 to reverse
engineer from it.
For SHA-256, aka one of the SHA-2 hash functions, it is currently
somewhat hard for MI5 to find a weakness. However, IIRC it's not a
provably secure cryptographic hash, just like its predecessor SHA-1,
and there are known weaknesses to SHA-1. It's not entirely out of the
question for someone to find a weakness for one of the SHA-2 hash
functions. When doing a one-way hash of a password, I'd rather use a
provably secure cryptographic hash function. Speed isn't of the
essence, so one can take the speed hit in exchange for the knowledge
that breaking your hash is at least as hard as some NP-complete
problem.
Also, why only 256 bits? There's SHA-512, one of the SHA-2 hash
functions. It's not like you're encoding and decoding messages over
the internet in real time. If it's for a password, go the distance and
get the best you can.
However, I doubt this will help in any significant way for the OP's
problem (it would help if he more thoroughly defines it), so I mention
this only as commentary.