SHA256 is a cryptographic algorithm used by cryptocurrencies such as Bitcoin. However, it uses a lot of computing power and processing time, forcing miners to form mining pools to capture gains.
Secure Hash Algorithm  

Concepts  
hash functions · SHA · DSA  
Main standards  
SHA0 · SHA1 · SHA2 · SHA3


General  

Designers  National Security Agency 
First published  2001 
Series  (SHA0), SHA1, SHA2, SHA3 
Certification  FIPS PUB 1804, CRYPTREC, NESSIE 
Detail  
Digest sizes  224, 256, 384, or 512 bits 
Structure  Merkle–Damgård construction with Davies–Meyer compression function 
Rounds  64 or 80 
Best public cryptanalysis  
A 2011 attack breaks preimage resistance for 57 out of 80 rounds of SHA512, and 52 out of 64 rounds for SHA256. Pseudocollision attack against up to 46 rounds of SHA256. SHA256 and SHA512 are prone to length extension attacks. By guessing the hidden part of the state, length extension attacks on SHA224 and SHA384 succeed with probability 2^{−(256−224)} = 2^{−32} > 2^{−224} and 2^{−(512−384)} = 2^{−128} > 2^{−384} respectively. 
SHA2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA). Cryptographic hash functions are mathematical operations run on digital data; by comparing the computed "hash" (the output from execution of the algorithm) to a known and expected hash value, a person can determine the data's integrity. For example, computing the hash of a downloaded file and comparing the result to a previously published hash result can show whether the download has been modified or tampered with. A key aspect of cryptographic hash functions is their collision resistance: nobody should be able to find two different input values that result in the same hash output.
SHA2 includes significant changes from its predecessor, SHA1. The SHA2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA224, SHA256, SHA384, SHA512, SHA512/224, SHA512/256.
SHA256 and SHA512 are novel hash functions computed with 32bit and 64bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA224 and SHA384 are simply truncated versions of the first two, computed with different initial values. SHA512/224 and SHA512/256 are also truncated versions of SHA512, but the initial values are generated using the method described in Federal Information Processing Standards (FIPS) PUB 1804. SHA2 was published in 2001 by the National Institute of Standards and Technology (NIST) a U.S. federal standard (FIPS). The SHA2 family of algorithms are patented in US patent 6829355. The United States has released the patent under a royaltyfree license.
In 2005, an algorithm emerged for finding SHA1 collisions in about 2,000 times fewer steps than was previously thought possible. In 2017, an example of a SHA1 collision was published. The security margin left by SHA1 is weaker than intended, and its use is therefore no longer recommended for applications that depend on collision resistance, such as digital signatures. Although SHA2 bears some similarity to the SHA1 algorithm, these attacks have not been successfully extended to SHA2.
Currently, the best public attacks break preimage resistance for 52 rounds of SHA256 or 57 rounds of SHA512, and collision resistance for 46 rounds of SHA256.
SHA256 and SHA512, and, to a lesser degree, SHA224 and SHA384 are prone to length extension attacks, rendering it insecure for some applications. It is thus generally recommended to switch to SHA3 for 512 bit hashes and to use SHA512/224 and SHA512/256 instead of SHA224 and SHA256. This also happens to be faster than SHA224 and SHA256 on x8664, since SHA512 works on 64 bit instead of 32 bit words.