⌘K
We use cookies to improve your experience
We use essential cookies to make our site work. With your consent, we may also use non-essential cookies to improve user experience.
Definition
SHA-256 is a cryptographic hash function from the SHA-2 family that produces a 256-bit (64 hexadecimal character) hash value. It is widely used in security applications including TLS/SSL certificates, Bitcoin mining, digital signatures, and file integrity verification. SHA-256 has no known practical vulnerabilities.
SHA-256 was designed by the NSA and published by NIST in 2001 as part of the SHA-2 family (which also includes SHA-224, SHA-384, and SHA-512). It processes data in 512-bit blocks through 64 rounds of compression, producing a 256-bit hash. SHA-256 is the de facto standard for cryptographic hashing in modern security infrastructure.
SHA-256 is used throughout the internet: TLS/SSL certificates use SHA-256 for signing (replacing SHA-1 which was deprecated in 2017), Git is migrating from SHA-1 to SHA-256 for object identification, Bitcoin uses double SHA-256 for mining and transaction verification, and most software distribution platforms use SHA-256 checksums for download verification.
While SHA-256 is secure for integrity verification and digital signatures, it is not appropriate for password hashing — it is too fast. A modern GPU can compute billions of SHA-256 hashes per second, making brute-force password attacks feasible. For passwords, use bcrypt, scrypt, or Argon2 which are designed to be computationally expensive. SHA-3 (Keccak) is the latest SHA standard but SHA-256 remains secure and more widely deployed.