SHA-256

SHA-256 is a cryptographic hash function published by the US National Institute of Standards and Technology (NIST) in 2001 as part of the SHA-2 family (FIPS PUB 180-4). It takes any-length input and produces a 256-bit (32-byte, 64 hex character) fixed-length output.

The function is deterministic (same input always produces same output), one-way (computationally infeasible to derive input from output), and collision-resistant (computationally infeasible to find two different inputs producing the same output). As of 2026 no practical attack on SHA-256 collision resistance has been demonstrated.

Where SHA-256 shows up: TLS certificate signatures, JWT signatures (HS256, RS256, ES256 — the 256 is SHA-256), Bitcoin block hashes (double-applied), HMAC-SHA256 message authentication, Git’s upcoming SHA-256 object format, and basically every modern integrity-verification stack.

Compute SHA-256 hashes via our hash generator, which uses the browser’s Web Crypto API (crypto.subtle.digest) under the hood.