SHA-256

Generate SHA-256 digest

256-bit · 64 hex chars Case
Message 43 chars · 43 B
SHA-256 Digest
Digest appears live as you type…
Algorithm
SHA-256
Output length
0 chars
Deep dive

How SHA-256 works

SHA-256 is a cryptographic hash function from the SHA-2 family, standardised by NIST in FIPS 180-4. It takes input of any length and returns a fixed 256-bit digest — always 64 hexadecimal characters, whether you feed it one letter or a gigabyte of data.

Three properties make it useful. It's deterministic: the same input always yields the same digest. It's one-way: you can't work backwards from a hash to its input. And it has a strong avalanche effect: change a single bit and roughly half the output flips. Together these turn a hash into a compact, tamper-evident fingerprint of whatever produced it.

Internally it follows the Merkle–Damgård construction: the message is padded and split into 512-bit blocks, then mixed through 64 compression rounds over eight 32-bit registers. One important caveat: speed is a feature here, which makes raw SHA-256 a poor choice for password storage. For that, reach for a deliberately slow algorithm like bcrypt or Argon2. Everything on this page is computed locally with the browser's Web Crypto API — your input is never uploaded.

Reference

Properties & common uses

Properties

What the algorithm guarantees about every digest it produces.

Deterministic output
Fixed 256-bit length
Strong avalanche effect
One-way / irreversible
Common uses

Where a fast, collision-resistant fingerprint earns its keep.

File & download integrity
Content addressing & dedup
Digital signature digests
Git-style commit IDs
Reference

SHA-1 vs SHA-256 vs SHA-3

AlgorithmDigest sizeSecurity status
MD5128 bitsBroken
SHA-1160 bitsBroken
SHA-256256 bitsSecure
SHA-3256 / 512 bitsSecure

SHA-256 remains the most widely deployed hash in network protocols and APIs thanks to its broad hardware support and efficiency, while SHA-3 (Keccak) offers a structurally different fallback.

In practice

Where developers use it

01

Verifying a download

Hash a downloaded file and compare it to the checksum the publisher posted to confirm nothing was altered in transit.

02

Deduplicating content

Use the digest as a content address — identical files hash identically, so storage and caches can skip duplicates.

03

Signing & receipts

Hash a payload before signing it, so a signature covers a compact fingerprint instead of the entire document.

Questions

Frequently asked questions

No. SHA-256 is a one-way function — there's no operation that turns a digest back into its input. So-called "decryptors" are really just lookup tables of previously-hashed values; they can only match common strings that someone already hashed, not invert the algorithm itself.

Not on its own. SHA-256 is built to be fast, which is exactly the wrong property for passwords — it lets an attacker test billions of guesses per second. Use a purpose-built, deliberately slow algorithm like bcrypt, scrypt, or Argon2, always with a per-user salt.

All three are hash functions, but MD5 and SHA-1 are broken — practical collisions exist, so two different inputs can share a digest. SHA-256 (part of the SHA-2 family) has no known collision attack and is the current baseline for integrity and signatures. Treat MD5/SHA-1 as checksums for accidental corruption only, never for security.

SHA-256 uses the Merkle-Damgård iterative construction with a Davies-Meyer compression function. The message is split into 512-bit blocks, padded, and mixed through 64 compression rounds using logical operators and modular addition, making it mathematically irreversible.

That's the avalanche effect. A good hash spreads every input bit across the whole output, so flipping a single character changes roughly half the digest. It's why a hash is a reliable fingerprint — any edit, however small, is obvious.

Not in any practical sense. SHA-256 has a vast key space of 2^256 states, making a complete precomputed rainbow table impossible to build. Only very simple, low-entropy words or short strings can be found in small lookup databases of precalculated hashes.

No. Hashing runs through your browser's built-in Web Crypto API, entirely on your device. The input never leaves the page, so it's safe to hash file contents, secrets, or anything sensitive.

Related

Pairs well with

© 2026. Syntaxly | Built for the minimalist developer.