[lucb1e]

When "other SHA256 purposes" are implemented correctly, this is no issue at all. For example hashing passwords should use bcrypt or something similar, and HMACs should use long enough keys. While you may increase the search speed with ten orders of magnitude, it's still well beyond our current capabilities to successfully crack any SHA-2 hash.

See also the answer I just posted on the SE question.

[interstitial]

Since the hypothetical brokenness of SHA256 is unknown, can we be sure there is a "correct" way to implement "other purposes"? Surely, it's conceivable a new attack could exploit an unforeseen weakness in all those uses.