How to hash for verification but prevent information leakage?

I would appreciate some comments on the soundness of my reasoning below.

First, a brief description of what I want to do:

Input: 32 bytes of data stored on user's machine generated with PBKDF2.
Goal: Store some value [hash] on a server that will allow someone to verify they know the 32 bytes, but without leaking very much information if the server is compromised.

One could simply store the SHA-256 of the 32 bytes on the server. However, if the server was compromised, an attacker could [theoretically] brute force search all possible keys and discover the correct preimage (with probability of 2^128 -- the chance of finding a different collision).

I want to prevent this leakage of information (even if it's very small). So, what if I truncated the SHA-256 hash and only stored the first 3 bytes?

This would make the probability of finding a collision 2^23. Thus, about 2^233 out of 2^256 (input size is 32 bytes) possible inputs would result in a collision.

Thus, using only the first N bytes limits the ability of an attacker to identify with more certainty the input data.

At the same time, I don't want to truncate the hash too much, because then the probability of a collision becomes too high, and the user, who knows the 32 bytes, will be unable to verify with high probability that they have correctly re-generated the 32 bytes of data (from a pass phrase using PBKDF2).

Is my reasoning sound here? Any comments on this scheme? Thanks.