Is storing a private key generated by the client that is encrypted by the users password safer than storing a hash of a password? (The encryption part is done client side and it will be sent to the server the users password won't be sent to the server)
It depends what you're talking about.
If i'm the client:
58 3b ae a9 de 37 88 e6 ed a2 9f 45 db 8b 9f 56 ef e1 aa 25 ac 52 f6 3d 02 dd 1b 86 1f c5 39 443e 35 33 46 fe a2 04 09 58 ff 1a 29 41 97 cb 6d 44 32 5f 4a 74 01 90 1d f3 32 eb 2c 6e 49 e1 19What you've done is have the client create a strong password with extra steps. I can convert those bytes to a string:
4uG,crh9N%=T99g6'oc36o&+AF9.IDo.oV_DFre)
This is now the user's "password". When they login to your site, you need to validate that password. That means that you must securely store that password in your system - and taking the SHA-256 hash of that password is not secure.
What if instead the user generates a "private key":
58 3b ae a9 de 37 88 e6 ed a2 9f 45 db 8b 9f 56 ef e1 aa 25 ac 52 f6 3d 02 dd 1b 86 1f c5 39 44
And they send that to the server, and you will encrypt it with the user's password: how did you know the user's password!?
You can't do that, because you can't know their password.