What is SHA-256?
SHA-256 (Secure Hash Algorithm 256-bit) is the dominant cryptographic hash function of the modern internet. Designed by the NSA and standardized by NIST in 2001 as part of the SHA-2 family, it produces a fixed 256-bit (64 hex character) digest from any input.
SHA-256 is used in TLS 1.3, HTTPS certificates, Bitcoin mining, Amazon S3 checksums, Docker image digests, code signing, and countless other critical applications.
Security status: SHA-256 is fully secure. No practical attacks are known. It is the current recommended standard for most cryptographic hashing needs.
How SHA-256 Works
SHA-256 is built on the Merkle–Damgård construction — the same architectural pattern as MD5 and SHA-1, but with significantly more rounds and a larger state.
1. Padding
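The message is padded so that its length is ≡ 448 (mod 512) bits: append a single 1-bit, then zeros, then the original message length as a 64-bit big-endian integer, which brings the total to a multiple of 512 bits.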
2. Initial Hash Values
Eight 32-bit words (H₀–H₇) initialized from fractional parts of square roots of the first 8 primes.
3. Message Schedule
Each 512-bit block expanded from 16 words to 64 words using XOR and bitwise rotations.
4. Compression — 64 Rounds
Two mixing functions (Σ₀, Σ₁), Ch (Choose), Maj (Majority), modular addition with round constants from cube roots of primes.
5. Final Output
Eight 32-bit state values concatenated → 256-bit digest displayed as 64 hex characters.
SHA-256 Output Format
| Property | Value |
|---|---|
| Digest size | 256 bits |
| Hex length | 64 chars |
| Word size | 32-bit |
| Block size | 512 bits |
| Rounds | 64 |
| Deterministic | Yes |
Example outputs:
| Input | SHA-256 Digest (truncated) |
|---|---|
| (empty string) | e3b0c44298fc1c149afb... |
| a | ca978112ca1bbdcafac2... |
| abc | ba7816bf8f01cfea4141... |
| SHA-256 | b135e5d5f3f6a... |
Real-World Uses of SHA-256
HTTPS / TLS Certificates
Every valid TLS certificate today uses SHA-256 for its signature. When you see the padlock icon in your browser, SHA-256 is securing the certificate chain behind it.
Bitcoin Mining
Bitcoin’s proof-of-work requires miners to find a nonce such that SHA-256(SHA-256(block + nonce)) produces a digest with N leading zeros. The difficulty target adjusts every 2,016 blocks (~2 weeks) to keep block times around 10 minutes.
File Integrity Verification
Linux distributions and software vendors publish SHA-256 checksums alongside their downloads. After downloading, you compute the digest and compare — any byte corruption or tampering produces a completely different hash.
Docker Image Digests
docker pull ubuntu@sha256:abc123... guarantees you pull the exact image the publisher signed — not a malicious substitute injected between you and the registry.
HMAC-SHA256
The most common HMAC algorithm in production. Used for API request signing, JWT token integrity, and webhook signature verification (GitHub, Stripe, Shopify all use it).
SHA-256 Performance
On a modern 64-bit CPU, SHA-256 throughput is approximately 300–500 MB/s per core in software. Hardware acceleration (Intel SHA Extensions, ARM SHA-2 instructions) can push this to multi-GB/s.
Compared to SHA-512 on the same hardware:
- For short messages (< 512 bytes): SHA-256 runs at a similar speed
- For large messages on 64-bit CPUs: SHA-512 can be faster (wider 64-bit words)
Computing SHA-256 Hashes
```bash
# Hash a string (-n suppresses the trailing newline, which would change the digest)
echo -n "hello" | sha256sum
# Hash a file
sha256sum filename.txt
```
Or use the Hash Generator — instant, browser-only, no data sent anywhere.
Key Takeaways
- SHA-256 produces a 64-character hexadecimal digest (256 bits)
- Part of the SHA-2 family, published by NIST in 2001
- Fully secure — no known practical attacks
- Powers TLS certificates, Bitcoin mining, Docker digests, and AWS checksums
- 64 rounds of mixing per 512-bit block give it strong avalanche properties
- Use SHA-256 for file integrity, digital signatures, and general cryptographic hashing
- For passwords, use Argon2id or bcrypt — not raw SHA-256