by fractionalhare 2083 days ago
No, SHA-2 has not had its margins eroded "significantly", and you should not feel nervous about using it whatsoever. It's fundamentally different from MD5 in structure, so you shouldn't extrapolate a few years' worth of minor weaknesses to forecast major weaknesses in the near future.

The website you've linked is citing legitimate cryptanalytic papers, but it loses credibility by interpreting systems with minor weaknesses as "not considered strong." Minor weaknesses are exhibited in all cryptosystems older than a few years. Can you find me a professional cryptographer who will say SHA-2 is not strong? Because I can't think of any. The authors of these cryptanalytic papers would probably choose it for new projects without being nervous.

It's an attractive idea that cryptographic algorithms will trend towards insecurity over time. But that's a very oversimplified look at how they work, and it's not a reliable prediction over a period <20 years. We are almost certainly several deep research breakthroughs away from a meaningful break in SHA-2.

But I'm just some guy on the internet. If you don't trust my opinion on this, here is the opinion of one of the BLAKE authors, a finalist in the SHA-3 competition: https://twitter.com/veorq/status/834872988445065218