What is SHA-256

SHA-256 (Secure Hash Algorithm 256-bit) is a cryptographic hash function that takes any input and produces a fixed 256-bit (32-byte) output. It is part of the SHA-2 family designed by the NSA and published by NIST in 2001. SHA-256 is the most widely deployed hash function in production systems today.

How it works

SHA-256 processes input in 512-bit blocks. The message is padded to a multiple of 512 bits, then each block passes through 64 rounds of bitwise operations — shifts, rotations, additions, and logical functions. These rounds mix the input thoroughly so that any single bit change in the input flips roughly half the bits in the output.

The output is always exactly 256 bits, typically displayed as 64 hexadecimal characters:

SHA-256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Change one letter and the output is completely different:

SHA-256("hallo") = d3751d33f9cd5049c4af2b462735457e4d3baf130bcbb87f389e349fbaeb20b9

No one has found a collision in SHA-256 — two different inputs producing the same hash. Breaking it would require roughly 2^128 operations, which is beyond any foreseeable computing capability.

Why it matters

SHA-256 is the standard hash for TLS certificate signatures, digital signatures, code signing, Bitcoin proof-of-work, HMAC authentication, and file integrity verification. When a system says it uses "SHA-2," it almost always means SHA-256. It replaced SHA-1, which was deprecated after researchers demonstrated collision attacks. Understanding SHA-256 means understanding the hash function behind most of the security infrastructure you rely on.

See How Hashing Works for the full treatment.

This concept appears in

How Hashing Works — One-Way Functions and Digital Fingerprints

What is SHA-256

How it works

Why it matters

Related

This concept appears in

Referenced by