I'm working on a project that will handle sensitive data. The data is shared over physical media between encrypted disks, however post-processing on each computer is required to get a useful dataset. We are thinking to keep the post-processing script in a public repo to simplify progress sharing, and it could be useful to verify the resulting data set with a hash to ensure everyone obtains the same processed set, since we will be working on multiple datasets down the line.

Should I have any reservations against using a SHA-256 or higher? As far as I understand a preimage attack is highly unlikely to ever be possible, but I'm a bit out of my depth here.

Would there be any difference between SHA-256 and SHA-512/256? I.e. would the ambiguity from a truncated hash help "protect" against a hypothetical preimage attack in case one becomes possible in the future, or is the only difference between the two algorithms runtime on different architectures?

The files in question will be on the order of at least a few hundred kb.

I realize that I may be overly paranoid, but considering it's a minor nice-to-have rather than a necessity, I figured it's better to leave out the (public) hash verification if it could theoretically open up a preimage attack down the line.