logo
GeekFormat

SHA-256 Hash

Input0 characters · 0 bytes
示例:
All Hashes (side-by-side)
Computed via Web Crypto API
MD5
32 hex
SHA-1
40 hex
SHA-256
64 hex
SHA-384
96 hex
SHA-512
128 hex

Free online SHA-256 hash generator for text, files and batches. Compute MD5, SHA-1, SHA-256, SHA-384 and SHA-512 side-by-side, switch Hex/Base64 output, drag and drop files, and verify against a known hash — all in your browser, no upload.

Related

Use Cases

  • Verify downloaded installers, ISOs, images or attachments match the official SHA-256 checksum
  • Generate SHA-256 digests for API signature verification (AWS SigV4, OAuth, JWT HS256)
  • Compute file integrity checksums before and after database, backup or network transfers
  • Bulk-generate SHA-256 hashes for config lines, password lists or test fixtures
  • Debug HMAC-SHA256 webhook signatures end-to-end with a known plaintext + key
  • Learn cryptography by comparing SHA-256 output with MD5, SHA-1, SHA-384 and SHA-512

Features

  • Text and file support: generate SHA-256 hashes for strings, local files and batch inputs in one place
  • 5 algorithms side-by-side: compute MD5, SHA-1, SHA-256, SHA-384 and SHA-512 simultaneously for cross-checking
  • Hex and Base64 output: switch encoding format instantly for API signatures, JWT and storage systems
  • Drag and drop files: hash installers, ISOs or any local file without uploading — verified 100% client-side
  • Verify against known hash: paste an expected digest and get a match / no-match verdict in real time
  • Batch SHA-256: compute one digest per line for configs, password lists and bulk verification
  • HMAC-SHA256 ready: integrate with AWS SigV4, JWT HS256 and webhook signature flows
  • Web Crypto API: uses the browser's audited native implementation — constant-time, no polyfills

How to Use

  1. Pick a mode: Text, File, Batch or HMAC-SHA256
  2. Type, paste or drag-and-drop your input — results update as you type for text mode
  3. Optionally enable Multi-Algorithm to compute MD5 / SHA-1 / SHA-256 / SHA-384 / SHA-512 at once
  4. Switch between Hex and Base64 output and copy the digest with one click

FAQ

What is SHA-256 and how does it work?

SHA-256 is a cryptographic hash function in the SHA-2 family, designed by the NSA and standardized by NIST in FIPS 180-4. It processes input in 512-bit blocks through 64 rounds of bitwise mixing, producing a fixed 256-bit (64-character hex) digest. As of 2026, no practical collision or pre-image attack is known against full 64-round SHA-256.

Can I use SHA-256 to verify downloaded files haven't been tampered with?

Yes. Most software publishers (Linux distros, Docker images, npm packages, etc.) publish a SHA-256 checksum next to the download link. After downloading, compute the file's SHA-256 locally and compare. If the digest matches exactly, the file is byte-for-byte identical to the publisher's copy.

Why do many people prefer SHA-256 over MD5?

MD5 has known collision attacks (chosen-prefix collisions are feasible in seconds on commodity hardware), so it is no longer safe for security purposes. SHA-256 has a 256-bit output, no known practical attacks after 25+ years of public scrutiny, and is approved by NIST for federal use. For any new project that needs a hash, SHA-256 is the right default.

Can SHA-256 be reversed or decrypted?

No. SHA-256 is a one-way function: it is computationally infeasible to derive the original input from its hash. The only practical way to 'reverse' a hash is to look it up in a rainbow table — a database of pre-computed hashes for known inputs — which is why salting is required when hashing passwords.

Is SHA-256 safe for password storage?

No — use a slow, salted key-derivation function instead. SHA-256 is fast by design, so an attacker who steals a database of SHA-256 password hashes can brute-force billions of guesses per second on a GPU. Use Argon2id (preferred), scrypt or bcrypt with a unique per-user salt. For HMAC-based password verification, PBKDF2-HMAC-SHA256 is acceptable when paired with a high iteration count.

Is SHA-256 useful for API signatures and HMAC debugging?

Yes. Most modern API signing schemes — AWS SigV4, GitHub webhooks, Slack signing secrets, JWT HS256, OAuth 1.0a — rely on HMAC-SHA256. This tool supports HMAC-SHA256 with UTF-8, Hex or Base64 key encoding, so you can reproduce or debug signatures end-to-end.

What is the difference between SHA-256 and SHA-3?

Both produce 256-bit digests with comparable security, but they use different internal constructions. SHA-256 is a Merkle–Damgård construction based on the SHA-2 family (FIPS 180-4). SHA-3 is the sponge-construction Keccak algorithm, selected by NIST in 2012. SHA-3 is useful when long-term cryptographic agility matters; SHA-256 has far wider real-world deployment today.

Why is SHA-256 used in Bitcoin and blockchain?

Bitcoin's proof-of-work, block headers, transaction IDs and Merkle tree commitments all use SHA-256 (often run twice as double-SHA-256). The properties SHA-256 provides — fixed-length output, collision resistance, fast verification, deterministic results — are exactly what a distributed ledger needs to make tampering detectable and consensus reachable.

Is my input data sent to a server?

No. All hashing runs locally in your browser via the Web Crypto API. Nothing you type, paste or drop into this tool is transmitted over the network. The page can be used offline once loaded.

What's the SHA-256 hash of the empty string?

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. This is the well-known SHA-256 of the empty string and is used as a self-test vector in many cryptographic libraries.

What is SHA-256 Hash?

SHA-256 is a cryptographic hash function in the SHA-2 family, designed by the U.S. National Security Agency (NSA) and standardized by NIST in FIPS 180-4 in 2012. It takes any input — from an empty string to multi-gigabyte files — and produces a fixed 256-bit (64-character hexadecimal) digest.

The algorithm processes input in 512-bit (64-byte) blocks through 64 rounds of mixing. It maintains an 8-word internal state (A through H) initialized to constants derived from the square roots of the first eight primes. Each round applies bitwise rotations, XOR, addition and the two non-linear functions Ch (choose) and Maj (majority). Round constants come from the cube roots of the first 64 primes, giving the algorithm strong avalanche properties: a one-bit change in the input flips roughly half the output bits.

As of 2026 there are no known practical collision or pre-image attacks against full 64-round SHA-256. The best published cryptanalysis reaches partial collisions on reduced-round variants. Collision resistance is on the order of 2^128 operations — far beyond any realistic adversary — making SHA-256 safe for TLS certificate signatures, Bitcoin's proof-of-work, file integrity verification and content addressing in systems like IPFS and modern Git.

The one thing SHA-256 is not designed for is password storage. Because it is a fast hash (a modern GPU computes billions of digests per second), an attacker who steals a database of SHA-256 password hashes can brute-force common passwords quickly. For passwords, use a slow, salted KDF such as Argon2id, scrypt or bcrypt. For everything else, SHA-256 is the modern default.

SHA-256 is standardized as FIPS 180-4 by NIST, defined in RFC 6234 by the IETF, and approved by the U.S. government for use in federal information systems. It is the recommended default in the NIST SP 800-131A Rev. 2 transition guidance, and the only hash function still accepted for new CMS, TLS 1.3 and PGP signatures.

Code Examples

SHA-256 of the empty string

text

The empty string has a single, well-known SHA-256 digest. You will see this constant in logs, caches, CDNs and storage systems as the fingerprint of empty content.

Input  : (empty)
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA-256 of "hello"

text

Classic test vector for SHA-256 implementations. Many cryptographic libraries ship a self-test that hashes this exact string.

Input  : hello
SHA-256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

SHA-256 of "hello world"

text

The most commonly cited SHA-256 example on the web. Used in tutorials, RFCs and Wikipedia to illustrate the algorithm's output.

Input  : hello world
SHA-256: b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9

Compute SHA-256 in JavaScript (Web Crypto API)

javascript

Production-grade SHA-256 in 4 lines using the browser's native Web Crypto API. No external libraries, no uploads, audited native implementation.

const buf = new TextEncoder().encode('hello')
const hash = await crypto.subtle.digest('SHA-256', buf)
const hex = [...new Uint8Array(hash)]
  .map(b => b.toString(16).padStart(2, '0'))
  .join('')
console.log(hex)
// 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Compute SHA-256 in Python

python

Standard-library SHA-256 hash with hex output. Works in Python 3.6+.

import hashlib
print(hashlib.sha256(b'hello').hexdigest())
# 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Compute SHA-256 at the command line

bash

Verify a downloaded file with one shell command. macOS and Linux ship sha256sum (or shasum -a 256 on macOS) by default.

$ echo -n 'hello' | sha256sum
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824  -

$ sha256sum installer.dmg
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  installer.dmg

Supported Video Formats

FormatMIMEBrowser supportWhen to use
MD5128-bit (32 hex)UniversalBroken for collisions; still used for non-security checksums and legacy compatibility.
SHA-1160-bit (40 hex)UniversalDeprecated for security (SHAttered, 2017). Use SHA-256 for new systems.
SHA-256256-bit (64 hex)Web Crypto APIModern default. Recommended for TLS, file integrity, Bitcoin, Git, JWT HS256 and HMAC-SHA256.
SHA-384384-bit (96 hex)Web Crypto APITruncated SHA-512. Used in TLS 1.2 cipher suites and DNSSEC NSEC3 records.
SHA-512512-bit (128 hex)Web Crypto APIStrongest standard SHA-2. Faster than SHA-256 on 64-bit CPUs; same security margin.
SHA-3 / Keccak256/512-bitLimitedNIST winner 2012, sponge construction. Use when long-term cryptographic agility is required.

Output Example

A real MP3 file encoded to a Data URI — copy-ready:

Input  : hello world
SHA-256: b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9

Input  : (empty)
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Privacy & Security

This SHA-256 generator runs 100% in your browser using the native Web Crypto API. Your input — whether text, files or batch data — is hashed locally and never sent to any server. There are no analytics calls on the hash input, no logging, no caching of digests, and no third-party trackers on the tool itself. Even the verify-against-known-hash comparison happens client-side. Safe for sensitive content: API keys, internal file names, HMAC secrets, customer data, anything you would not paste into a random online SHA-256 tool.

Authoritative References