SHA-256
The default cryptographic hash for the modern web. TLS certificates, Bitcoin, GitHub's new object IDs: all SHA-256 underneath.
By Deepak Gupta ·
SHA-256 is one member of the SHA-2 family designed by the NSA and standardized by NIST in 2001. It's the default cryptographic hash for new systems: TLS certificate signatures, the Bitcoin proof-of-work hash, JWT's HS256 / RS256 signing, AWS Signature V4, Git's next-generation content addressing. Anywhere you'd reach for a hash today and don't have a reason to pick something else, the right answer is usually SHA-256. It produces a 256-bit (32-byte) digest and is implemented natively in every CPU shipped in the last decade via the Intel SHA-NI / ARMv8 cryptography extensions, so its real-world throughput is excellent. There are no known practical attacks against SHA-256; the closest theoretical result is a length-extension attack which is mitigated by using HMAC-SHA256 (or by switching to SHA-3 / BLAKE3 which are immune by construction).
Recommended uses
- ·Default cryptographic hash for new designs
- ·File integrity checksums shared publicly
- ·HMAC-SHA256 for API request signing
- ·Building blocks for Merkle trees (Bitcoin, Git, ZK proofs)
Known attacks / caveats
- ·Length-extension attack on the bare construction; use HMAC-SHA256 if you need MAC semantics
Designed by
NSA, published 2001.