It's reasonable to expect an attacker to have a SHA256 ASIC given Bitcoin making those a commodity
Potentially this can be offset if your server has https://en.wikipedia.org/wiki/Intel_SHA_extensions but if you're running on cell phones that's not there
See also https://bitcoin.stackexchange.com/questions/36253/what-minin...