SHA-256 (2024)

Overview

SHA-256 is a member of the SHA-2 cryptographic hash functions designed by the NSA that generates an almost-unique 256-bit (32-byte) signature for a given text input. SHA stands for "Secure Hash Algorithm." Hashing algorithms are mathematical functions that condense data to a fixed size. Many hashing algorithms exist for various purposes; SHA algorithms are utilized for cryptographic security. Cryptographic hash algorithms produce irreversible and almost unique hashes. Irreversible in the sense that if you only had the hash you couldn’t use that to figure out what the original data was, therefore allowing the original data to remain secure and unknown. Unique meaning that two different pieces of data cannot produce the same hash.

Part of the SHA-2 group of hash algorithms first created by the NSA in 2001 as a successor to SHA-1, SHA-256 is a patented cryptographic hash function. The patent (US6829355B2) for the SHA-256 algorithm was filed by the NSA on March 5th, 2001, listing Glenn M Lilly as the inventor. The patent was granted and published on December 7th, 2004.

From 2011 to 2015, SHA-1 was the primary algorithm used for SSL certificates. Growing research showing the weaknesses of SHA-1 prompted a revaluation and from 2016 onward, SHA-2 is the new standard. Since August 5th, 2015 NIST policy on hash functions recommends application and protocol designers implement SHA-256 at a minimum for any applications of hash functions requiring interoperability.

SHA-256 has not yet been compromised in any way. The 256-bit key makes it a good partner function for AES. It is defined in the NIST (National Institute of Standards and Technology) standard ‘FIPS 180-4’. NIST also provides a number of test vectors to verify the correctness of implementation.

Process

The SHA-256 algorithm can be separated into five sections.

Padding bits

Extra bits are added to the message, such that the length is exactly 64 bits short of a multiple of 512. During the addition, the first bit should be one, and the rest of it should be filled with zeroes.

Padding length

Next, 64 bits are added to make the final plaintext a multiple of 512. The 64 bits of characters are calculated by applying the modulus of the original cleartext without the padding.

SHA-256 (1)

Padding of the original message in the SHA-256 algorithm.

Initializing the buffers

The default values for eight buffers and 64 different keys in an array (K[0] to K[63]) are initialized.

Compression functions

The algorithm breaks down the entire message into multiple blocks of 512 bits each. It puts each block through 64 rounds of operation, with the output of each block serving as the input for the following block.

SHA-256 (2)

Representation of the SHA-256 algorithm.

The value of K[i] for each round is pre-initialized. W[i] is another input calculated individually for each block, depending on the number of iterations being processed at the moment.

Output

With each iteration, the final output of the block serves as the input for the next block. The entire cycle repeats until you reach the last 512-bit block, and the final hash digest is output. This digest will be of the length 256-bit, as per the name of this algorithm.

Security

The security of the SHA-256 algorithm is partially dependent on how collision resistant it is, where collision resistance is a probability measurement for two different data inputs to produce the same hash output (i.e. collide with each other). Every hash function with more inputs than outputs will necessarily have collisions. SHA-256 produces 256 bits of output from an arbitrarily large input. Since it must generate one of 2256 outputs for each member of a much larger set of inputs, the pigeonhole principle guarantees that some inputs will hash to the same output. However, the larger the number of possible hashes, the smaller the chance that two values will create the same hash.

The following are three key properties defining the security of SHA-256:

  1. With 2256 possible outputs it is almost impossible to reconstruct the initial data from the hash value. Brute-force attacks would need to make 2256 attempts to generate the initial data.
  2. Having two messages with the same hash value is extremely unlikely (high collision resistance).
  3. Minor changes to the original data alter the hash value significantly that it’s not apparent the new hash value is derived from similar data (known as the avalanche effect).

Applications

SHA-256 is commonly used to authenticate digital certificates, such as SSL certificates that ensure a secure link between a website and web browsers. SHA-256 is also the cryptographic hash function used for Bitcoin's Proof of Work mining and in the creation of Bitcoin addresses. SHA-256 is also used in other popular authentication and encryption protocols, including TLS, IPsec, SSH, and PGP. In Unix and Linux.

SHA-256 (2024)
Top Articles
Early Warning Services and The Clearing House Now Enable Zelle® Payments on the RTP® Network
Is the Vanguard S&P 500 ETF Still a Buy? | The Motley Fool
Is Sam's Club Plus worth it? What to know about the premium warehouse membership before you sign up
Kathleen Hixson Leaked
Promotional Code For Spades Royale
Login Page
His Lost Lycan Luna Chapter 5
The Daily News Leader from Staunton, Virginia
Mychart Mercy Lutherville
oklahoma city for sale "new tulsa" - craigslist
Caroline Cps.powerschool.com
Tlc Africa Deaths 2021
Snarky Tea Net Worth 2022
Ecers-3 Cheat Sheet Free
Infinite Campus Parent Portal Hall County
60 X 60 Christmas Tablecloths
Lancasterfire Live Incidents
Walgreens San Pedro And Hildebrand
Transactions (zipForm Edition) | Lone Wolf | Real Estate Forms Software
Between Friends Comic Strip Today
Bjerrum difference plots - Big Chemical Encyclopedia
Hood County Buy Sell And Trade
Low Tide In Twilight Ch 52
How To Find Free Stuff On Craigslist San Diego | Tips, Popular Items, Safety Precautions | RoamBliss
Synergy Grand Rapids Public Schools
Preggophili
Die 8 Rollen einer Führungskraft
Saxies Lake Worth
Angel Haynes Dropbox
Grave Digger Wynncraft
Tamil Movies - Ogomovies
Uno Fall 2023 Calendar
Tu Housing Portal
Wheeling Matinee Results
Mkvcinemas Movies Free Download
Att U Verse Outage Map
Family Fare Ad Allendale Mi
Build-A-Team: Putting together the best Cathedral basketball team
Weapons Storehouse Nyt Crossword
Winta Zesu Net Worth
Craigslist Antique
Cvs Coit And Alpha
Mountainstar Mychart Login
Market Place Tulsa Ok
Ouhsc Qualtrics
Runescape Death Guard
Craigslist Pets Lewiston Idaho
Southwind Village, Southend Village, Southwood Village, Supervision Of Alcohol Sales In Church And Village Halls
Worlds Hardest Game Tyrone
Itsleaa
Elizabethtown Mesothelioma Legal Question
Dinargurus
Latest Posts
Understanding the Four Parts of a Mortgage Payment
Preferred Provider Organization (PPO): Definition and Benefits
Article information

Author: Frankie Dare

Last Updated:

Views: 5925

Rating: 4.2 / 5 (73 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Frankie Dare

Birthday: 2000-01-27

Address: Suite 313 45115 Caridad Freeway, Port Barabaraville, MS 66713

Phone: +3769542039359

Job: Sales Manager

Hobby: Baton twirling, Stand-up comedy, Leather crafting, Rugby, tabletop games, Jigsaw puzzles, Air sports

Introduction: My name is Frankie Dare, I am a funny, beautiful, proud, fair, pleasant, cheerful, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.