Which factor reduces the effectiveness of the birthday attack against SHA-256?

The birthday attack on a hash function depends on the hash output length. For an n-bit hash, the probability of finding a collision becomes significant after about 2^(n/2) evaluations due to the birthday paradox. Increasing the output size makes this bound harder to reach, so the attack requires far more work. Since SHA-256 produces a 256-bit output, collisions already demand around 2^128 work; if the output were larger, the required effort would grow even more, making the attack less practical. The other factors don't offer the same protection: a smaller output would make collisions easier, salt changes the search space per salt rather than the fundamental collision bound for a fixed hash, and non-determinism disrupts straightforward collision analysis but doesn't inherently reduce the collision-cost scaling with output length.