What is SHA-256?
SHA-256 (Secure Hash Algorithm 256) produces a fixed 256-bit (64-hex characters) digest from any input. Part of the SHA-2 family designed by the NSA and standardized by NIST in 2001, it is widely used for security-critical applications worldwide.
Security note: SHA-256 remains secure against current collision and preimage attacks—ideal for file integrity, digital signatures, and blockchain.
How SHA-256 works
- Pad the message → length ≡ 448 (mod 512) bits
- Append 64-bit big-endian message length
- Initialize eight 32-bit words (first 32 bits of square roots of primes)
- Process each 512-bit block through 64 rounds of bitwise operations
- Combine results to produce a 256-bit digest
Example Hashes
| Input | SHA-256 Hash |
|---|---|
Hello, World! | dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f |
password | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 |
123456789 | 15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225 |
| (empty) | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
SHA-256 vs. Other Hash Functions
| Algorithm | Output | Security | Speed |
|---|---|---|---|
| MD5 | 128 bits | ❌ Broken | ⚡ Very fast |
| SHA-1 | 160 bits | ❌ Broken | ⚡ Fast |
| SHA-256 | 256 bits | ✅ Secure | 🚀 Moderate |
| SHA-384 | 384 bits | ✅ Secure | 🚀 Moderate-slow |
| SHA-512 | 512 bits | ✅ Very secure | 🚀 Slow |
Frequently Asked Questions
Is SHA-256 secure for passwords?
While SHA-256 is cryptographically strong, use specialized password-hashing algorithms (bcrypt, Argon2, PBKDF2) with salting for storing passwords.
Can SHA-256 be reversed?
No. SHA-256 is one-way; reversing requires brute-force or rainbow tables, which are impractical for complex inputs.
Why use SHA-256 over SHA-1?
SHA-256 offers stronger collision resistance and is NIST-approved for secure applications.