What is SHA-256?
SHA-256 (Secure Hash Algorithm 256) produces a fixed 256-bit (64-hex characters) digest from any input. Part of the SHA-2 family designed by the NSA and standardized by NIST in 2001, it is widely used for security-critical applications worldwide.
Security note: SHA-256 remains secure against current collision and preimage attacks—ideal for file integrity, digital signatures, and blockchain.
How SHA-256 works
- Pad the message → length ≡ 448 (mod 512) bits
- Append 64-bit big-endian message length
- Initialize eight 32-bit words (first 32 bits of square roots of primes)
- Process each 512-bit block through 64 rounds of bitwise operations
- Combine results to produce a 256-bit digest
Example Hashes
| Input | SHA-256 Hash |
|---|---|
Hello World | a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e |
password | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 |
test123 | ecd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae |
| (empty) | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
SHA-256 vs. Other Hash Functions
| Algorithm | Output | Security | Speed |
|---|---|---|---|
| MD5 | 128 bits | ❌ Broken | ⚡ Very fast |
| SHA-1 | 160 bits | ❌ Broken | ⚡ Fast |
| SHA-256 | 256 bits | ✅ Secure | 🚀 Moderate |
| SHA-384 | 384 bits | ✅ Secure | 🚀 Moderate-slow |
| SHA-512 | 512 bits | ✅ Very secure | 🚀 Slow |
Frequently Asked Questions
Is SHA-256 secure for passwords?
While SHA-256 is cryptographically strong, use specialized password-hashing algorithms (bcrypt, Argon2, PBKDF2) with salting for storing passwords.
Can SHA-256 be reversed?
No. SHA-256 is one-way; reversing requires brute-force or rainbow tables, which are impractical for complex inputs.
Why use SHA-256 over SHA-1?
SHA-256 offers stronger collision resistance and is NIST-approved for secure applications.