What is SHA-256?
SHA-256 (Secure Hash Algorithm 256-bit) is a cryptographic hash function from the SHA-2 family, standardised by NIST in 2001 (FIPS 180-4). It produces a 256-bit (32-byte, 64 hexadecimal character) digest for any input. SHA-256 is the backbone of TLS certificate chains, code-signing, Git (SHA-256 mode), and Bitcoin's proof-of-work.
SHA-256 processes input in 512-bit (64-byte) blocks through 64 rounds of mixing using bitwise operations, modular addition, and a message schedule derived from the input. The algorithm maintains an 8-word (256-bit) internal state initialised with the fractional parts of the square roots of the first eight primes. After all blocks are processed, the state becomes the digest.
The output is a fixed-length 256-bit value regardless of input size — an empty string and a 10 GB file both produce a 64-character hex digest. Changing even one bit of the input produces a completely different digest (the avalanche effect). SHA-256 has no known practical preimage or collision attacks as of 2025, making it safe for security-critical uses.
SHA-256 appears everywhere in security infrastructure. TLS 1.3 uses HMAC-SHA256 and HMAC-SHA384 for the handshake PRF. X.509 certificates are signed with SHA-256 (RSA-SHA256 or ECDSA-SHA256). Operating systems verify software updates by comparing the downloaded file's SHA-256 against a signed manifest. Package managers (npm, cargo, pip) record SHA-256 digests of dependencies in lock files to detect tampering. Bitcoin double-hashes block headers with SHA-256 to calculate proof-of-work difficulty targets.
The SHA-2 family also includes SHA-224, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. SHA-3 (Keccak) is a separate algorithm with a different internal structure (sponge construction), standardised in 2015 as a backup in case weaknesses are found in SHA-2.
MD5 and SHA-1 are deprecated for security use due to known collision attacks, but remain common in legacy systems and non-security checksums.