About

SHA-256 produces a fixed 256-bit (32-byte) digest from arbitrary input, rendered as a 64-character hexadecimal string. It belongs to the SHA-2 family designed by the NSA and standardized in FIPS 180-4. A single bit change in the input produces an entirely different hash - the avalanche property - making it computationally infeasible to reverse-engineer the original message or find two inputs with the same digest. This tool computes SHA-256 using your browser's native SubtleCrypto module, meaning no data leaves your machine. It handles raw text encoded as UTF-8 and binary files of any size.

Incorrect hash verification leads to real consequences: corrupted firmware installs, tampered software packages, and undetected file modifications in forensic chains of custody. This tool approximates zero overhead by delegating to hardware-accelerated crypto primitives rather than a JavaScript reimplementation. Limitation: browsers enforce a same-origin policy on SubtleCrypto, so this tool requires HTTPS or localhost context to function. Pro Tip: always compare hashes in lowercase-normalized form to avoid false mismatches from case differences.

Formulas

SHA-256 operates on padded 512-bit message blocks through 64 rounds of compression. Each round applies bitwise operations, modular addition, and logical functions to eight working variables derived from initial hash values (H₀ through H₇).

H(m) = SHA-256(m) = h₀ ‖ h₁ ‖ h₂ ‖ h₃ ‖ h₄ ‖ h₅ ‖ h₆ ‖ h₇

The core compression function per round i:

T₁ = h + Σ₁(e) + Ch(e, f, g) + K_i + W_i

T₂ = Σ₀(a) + Maj(a, b, c)

Where H(m) is the final hash digest of message m. h_0..7 are the eight 32-bit words of the final state after all blocks are processed. ‖ denotes concatenation. Ch(e, f, g) = (e ∧ f) &xor; (¬e ∧ g) is the Choice function. Maj(a, b, c) = (a ∧ b) &xor; (a ∧ c) &xor; (b ∧ c) is the Majority function. Σ₀ and Σ₁ are bitwise rotation functions. K_i are 64 constant words derived from cube roots of the first 64 primes. W_i are the message schedule words expanded from the input block. All additions are modulo 2³².

Reference Data

Hash Algorithm	Digest Size	Block Size	Rounds	Status (2024)	Collision Resistance
MD5	128 bit	512 bit	64	Broken	2¹⁸ operations
SHA-1	160 bit	512 bit	80	Deprecated	2⁶³ operations
SHA-224	224 bit	512 bit	64	Secure	2¹¹²
SHA-256	256 bit	512 bit	64	Secure (Standard)	2¹²⁸
SHA-384	384 bit	1024 bit	80	Secure	2¹⁹²
SHA-512	512 bit	1024 bit	80	Secure	2²⁵⁶
SHA-512/256	256 bit	1024 bit	80	Secure	2¹²⁸
SHA3-256	256 bit	1088 bit	24	Secure (Keccak)	2¹²⁸
SHA3-512	512 bit	576 bit	24	Secure (Keccak)	2²⁵⁶
BLAKE2b	512 bit	1024 bit	12	Secure	2²⁵⁶
BLAKE3	256 bit	512 bit	7	Secure (Fastest)	2¹²⁸
RIPEMD-160	160 bit	512 bit	80	Legacy (Bitcoin)	2⁸⁰
Whirlpool	512 bit	512 bit	10	Secure	2²⁵⁶
CRC-32	32 bit	-	-	Non-cryptographic	None

Frequently Asked Questions

Theoretically yes - SHA-256 maps infinite inputs to a finite set of 2²⁵⁶ outputs, so collisions must exist by the pigeonhole principle. Practically, no collision has ever been found. Finding one requires approximately 2¹²⁸ operations (birthday attack), which exceeds current computational feasibility by many orders of magnitude. For context, 2¹²⁸ SHA-256 operations would take longer than the age of the universe on all existing hardware combined.

This is the avalanche effect, a core design property of cryptographic hash functions. SHA-256's compression function propagates each bit change through 64 rounds of mixing operations (Ch, Maj, bitwise rotations, modular addition). After a few rounds, every output bit depends on every input bit. Statistically, changing one input bit flips approximately 50% of the output bits.

Yes. SHA-256 operates on raw bytes, not characters. The string "café" encoded as UTF-8 produces different bytes than the same string in ISO-8859-1 (the "é" character is 2 bytes in UTF-8 vs 1 byte in Latin-1). This tool uses UTF-8 encoding via the browser's TextEncoder API. When comparing hashes across systems, confirm identical encoding. A BOM (Byte Order Mark) at the start of a file will also alter the hash.

No. SHA-256 is designed for speed, which makes it vulnerable to brute-force and dictionary attacks on passwords. A modern GPU can compute billions of SHA-256 hashes per second. Use purpose-built password hashing functions like bcrypt, scrypt, or Argon2, which incorporate a work factor (cost parameter), salt, and are intentionally slow. SHA-256 is appropriate for data integrity verification, digital signatures, and commitment schemes - not credential storage.

Text hashing first encodes the string to a UTF-8 byte array via TextEncoder, then feeds that ArrayBuffer to the SubtleCrypto digest function. File hashing reads the file's raw binary content as an ArrayBuffer using the FileReader API - no encoding transformation occurs. The binary data is passed directly to SHA-256. This means the hash of a text file will match the hash of typing the same content only if the file contains exactly those UTF-8 bytes with no BOM, no trailing newline, and no other invisible characters.

The SHA-256 digest of zero-length input is the constant e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. This is the result of hashing the padded empty message block. It serves as a useful verification value - if your tool produces this hash for an empty input, the implementation is correct. This constant is defined by the algorithm's initial hash values H_0..7 processed through one padded block.