正在加载,请稍候…

What Is SHA-256? How the Hash Function Works and Where It Is Used

Learn what SHA-256 is, how cryptographic hash functions work, why SHA-256 is considered secure, and where it appears in TLS, Bitcoin, Git, and password storage.

What Is SHA-256?

SHA-256 (Secure Hash Algorithm 256-bit) takes any input and produces a fixed 256-bit (64 hex character) output called a digest or hash.

SHA-256("hello")     = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
SHA-256("Hello")     = 185f8db32921bd46d35b2e4234ac97a7c3a2d08d3ef5a28c3a6c4e9c8e2e6dd5
SHA-256("hello!")    = (completely different 64-char hash)
SHA-256(1GB file)    = (still exactly 64 characters)

Properties of SHA-256

Deterministic: Same input always produces the same hash.

One-way: Given a hash, you cannot compute the original input. There's no reverse algorithm — only brute force.

Avalanche effect: Changing one bit of input completely changes the output. "hello" and "hello1" produce completely unrelated hashes.

Collision resistant: No two different inputs have ever been found to produce the same SHA-256 hash. (MD5 and SHA-1 have known collision attacks.)

Fast: ~10 billion hashes/second on a modern GPU. Great for file integrity. Terrible for passwords (see below).

Where SHA-256 Is Used

TLS/HTTPS: Every HTTPS certificate is signed with SHA-256. The TLS handshake uses it for key derivation.

Bitcoin: Proof of Work requires finding a nonce such that SHA-256(SHA-256(block_header)) starts with enough zero bits. Bitcoin addresses also derive from SHA-256.

Git: Every commit is identified by its SHA hash. Change any byte of the commit content and you get a completely different hash.

git log --oneline  # shows commit hashes
git show abc1234   # reference commit by hash prefix

File integrity: Software downloads include SHA-256 checksums so you can verify the file wasn't corrupted or tampered with.

sha256sum ubuntu-24.04.iso
# compare output with official checksum on download page

HMAC signatures: SHA-256 is used in HMAC for signing API requests and webhooks.

crypto.createHmac('sha256', secret).update(payload).digest('hex');

SHA-256 vs MD5 vs Others

Hash Output Broken? Speed Use
MD5 128 bits Yes (collisions) Very fast Legacy checksums only
SHA-1 160 bits Yes (collisions) Fast Legacy (Git migrating away)
SHA-256 256 bits No Fast General purpose
SHA-512 512 bits No Faster on 64-bit Extra security margin
SHA-3 Variable No Medium Alternative design

Why SHA-256 Is Wrong for Passwords

SHA-256 computes ~10 billion hashes/second on a GPU. An attacker with a leaked database can crack 8-character alphanumeric passwords in hours.

Use purpose-built slow algorithms instead:

# WRONG: SHA-256 for passwords
import hashlib
password_hash = hashlib.sha256(password.encode()).hexdigest()  # NEVER

# CORRECT: bcrypt (delibertely slow)
import bcrypt
hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt(rounds=12))
# bcrypt at rounds=12 ≈ 330 hashes/sec vs SHA-256's 10 billion/sec
# That's a 30 million× difference in crack resistance

Computing SHA-256

// Node.js
const hash = require('crypto').createHash('sha256').update('hello').digest('hex');
// '2cf24dba...'

// Streaming large files
const stream = require('fs').createReadStream('large-file.bin');
const hash = require('crypto').createHash('sha256');
stream.pipe(hash).on('finish', () => console.log(hash.digest('hex')));
import hashlib
hashlib.sha256(b'hello').hexdigest()
# '2cf24dba...'

# File hash
with open('file.bin', 'rb') as f:
    h = hashlib.file_digest(f, 'sha256')
    print(h.hexdigest())

→ Hash text with SHA-256 and other algorithms in your browser with the Hash Text Tool.