[acchow]

"??? My first guess has two green letters, or 8 bits of the hash are known. This excludes 255/256 of possible passwords"

Sha256 is a one-way hash. Knowing some of the sha256 doesn't tell you anything about the plaintext.

Put another way, the matching SHA characters are just a decoy. That's the joke. They could give you the SHA256 hash up front and you'd still have to search the entire password space.