SHA-256 Hash Generator


About the SHA-256 Generator

The SHA-256 Generator computes 256-bit SHA-2 digests of text or files (up to 5 MiB) using `crypto.subtle.digest` — the same Web Crypto primitive that powers TLS handshakes in your browser. SHA-256 is specified in NIST FIPS 180-4 (and equivalently in RFC 6234) and is the modern default for digital signatures, content-addressable storage, certificate fingerprints, and HMAC message authentication. The generator runs entirely client-side, so production-shape input — release artifacts, signed payloads, certificate bytes — never leaves your browser.

Updated: May 8, 2026

How to use the SHA-256 generator

  • Paste text or drop a file (up to 5 MiB). Text is encoded as UTF-8 before hashing; files are read as raw bytes via the FileReader API.
  • The digest renders in lowercase hex by default (32 bytes / 64 hex characters). Toggle to uppercase hex (matching Windows `CertUtil` / `Get-FileHash` output) or RFC 4648 Base64 (matching SRI integrity directives).
  • Click Copy to drop the digest into your clipboard.
  • Paste an expected hash into the comparison field — the row lights up green for a match, red for a mismatch. Useful for verifying release integrity in one step.
  • Performance: a 1 MB input hashes in well under 50 ms on baseline hardware via Web Crypto; a full 5 MiB file finishes in roughly 150 ms.
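The steps above can be reproduced outside the tool with the same Web Crypto call. The following is an added example, not the generator's own source; the function names `sha256Bytes`, `encodings` and `matchesExpected` are hypothetical, and the `node:crypto` fallback is only there so the snippet also runs in Node.

```javascript
// Added example (not the tool's code): hash, encode, and compare a digest.

async function getSubtle() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs node:crypto.
  return globalThis.crypto?.subtle ?? (await import('node:crypto')).webcrypto.subtle;
}

async function sha256Bytes(input) {
  // Text is UTF-8 encoded before hashing; byte input (file contents) is hashed as-is.
  const data = typeof input === 'string' ? new TextEncoder().encode(input) : input;
  const subtle = await getSubtle();
  return new Uint8Array(await subtle.digest('SHA-256', data));
}

function encodings(digest) {
  const hex = Array.from(digest, b => b.toString(16).padStart(2, '0')).join('');
  const base64 = btoa(String.fromCharCode(...digest)); // RFC 4648, with padding
  return { hex, upperHex: hex.toUpperCase(), base64, sri: `sha256-${base64}` };
}

// Compare a publisher-supplied value against the computed digest.
// Accepts 64 hex characters (any case), 44-character Base64, or an "sha256-" SRI value.
function matchesExpected(digest, expected) {
  const e = encodings(digest);
  const value = expected.trim().replace(/^sha256-/, '');
  if (/^[0-9a-fA-F]{64}$/.test(value)) return value.toLowerCase() === e.hex;
  if (/^[A-Za-z0-9+/]{43}=$/.test(value)) return value === e.base64;
  return false; // wrong length or alphabet: not a SHA-256 digest in these encodings
}
```

A value of any other length is rejected outright rather than compared, which is the quickest signal that the publisher's hash was produced by a different algorithm.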

Common use cases

  • Download verification. Apache, Linux distributions, Docker, GitHub release pages, and HashiCorp downloads publish SHA-256 alongside artifacts. Drop the artifact and paste the hash to confirm bit-for-bit integrity.
  • Git blob and commit hashing. Modern Git is migrating to SHA-256 (the original SHA-1 transition started with the 2018 SHAttered work). Compute SHA-256 against a blob to look up its hash in a SHA-256-mode Git repository.
  • Content-addressable storage. IPFS, Docker image layers (sha256:<digest>), and Subversion content-addressable backups all use SHA-256 as the primary content ID.
  • HMAC-SHA-256 prep. AWS Signature V4, Stripe webhooks, Slack request verification, and GitHub webhook delivery all use HMAC-SHA-256 for request authentication. The tool computes plain, unkeyed SHA-256, the hash function used inside the HMAC construction; it does not produce an HMAC.
  • Subresource Integrity (SRI). The `integrity="sha256-<base64-digest>"` HTML attribute pins a script or stylesheet to a specific byte sequence; the generator produces the Base64 form ready to paste.

Privacy and security

Hashing uses `crypto.subtle.digest("SHA-256", ...)` — the native Web Crypto implementation backed by your browser's OS-level cryptography library (BoringSSL on Chrome, CommonCrypto on Safari, NSS on Firefox). Nothing is sent to any server; the digest is computed inside the same V8 / JavaScriptCore / SpiderMonkey isolate that loaded the page. Disconnect from the network and the generator continues to work.

Tips and pitfalls

  • SHA-256 vs SHA-3. Both are NIST-approved. SHA-256 (and the SHA-2 family generally) remains the default for new systems; SHA-3 (Keccak) is approved as a hedge against future attacks on SHA-2. Most certificate authorities, signature schemes, and protocols still standardize on SHA-256.
  • HMAC-SHA-256 ≠ SHA-256(key || message). HMAC has a specific construction (RFC 2104) that XORs the key with two padding constants before hashing — naive concatenation is vulnerable to length-extension attacks. Use a real HMAC primitive, not a hand-rolled `digest(key + message)`.
  • Output length. SHA-256 always produces exactly 32 bytes — 64 hex characters or 44 Base64 characters. If your expected hash has a different length, you have copied the wrong digest or the publisher used a different algorithm.
  • Block size and rounds. SHA-256 processes input in 512-bit blocks across 64 rounds, with a 32-bit word size. These details matter for hardware implementations; for application-level use, treat SHA-256 as a black-box one-way function.
  • Collision resistance. SHA-256 has 128 bits of collision resistance (birthday bound). A successful collision attack would require ~2^128 work; no such attack is known and none is anticipated soon.

Frequently Asked Questions

SHA-256 vs SHA-3 — which should I use?
SHA-256 for nearly everything new in 2026. SHA-3 (Keccak family — SHA-3-256, SHA-3-512) was standardized as a hedge against future weaknesses in SHA-2; no such weakness has materialized. Most ecosystems (TLS, signatures, content addressing, package managers) standardize on SHA-256.
What is the output length?
Exactly 32 bytes — 64 lowercase hex characters, 44 Base64 characters (with `=` padding), or 43 Base64URL characters (without padding). Any other length means a different algorithm.
What is the maximum input size?
The browser tool caps file uploads at 5 MiB to keep memory bounded and avoid blocking the main thread. Web Crypto itself can handle far larger inputs; for gigabyte-scale hashing use `sha256sum` on Linux, `shasum -a 256` on macOS, or `Get-FileHash` on Windows.
How is HMAC-SHA-256 different from raw SHA-256?
HMAC adds a key and a specific padding-and-XOR construction (RFC 2104) so the output authenticates both the message and the key. Raw `SHA-256(key || message)` looks similar but is vulnerable to length-extension attacks because Merkle-Damgård hashes (SHA-256 included) leak internal state. Always use a real HMAC implementation when you need keyed authentication.
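The difference described here and in the HMAC pitfall above can be checked directly. This added example (not part of the tool; `naiveKeyedHash`, `hmacManual` and `hmacNative` are hypothetical names) builds the RFC 2104 construction from SHA-256 by hand, confirms it matches the Web Crypto HMAC primitive, and shows that `SHA-256(key || message)` yields a different value.

```javascript
// Added example: RFC 2104 HMAC-SHA-256 by hand vs. Web Crypto vs. naive concatenation.
const toHex = bytes => Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
const concat = (a, b) => {
  const out = new Uint8Array(a.length + b.length);
  out.set(a);
  out.set(b, a.length);
  return out;
};

async function subtleApi() {
  // node:crypto fallback is only for running this outside a browser.
  return globalThis.crypto?.subtle ?? (await import('node:crypto')).webcrypto.subtle;
}
async function sha256(bytes) {
  return new Uint8Array(await (await subtleApi()).digest('SHA-256', bytes));
}

// The hand-rolled pattern the page warns against: SHA-256(key || message).
async function naiveKeyedHash(key, msg) {
  return toHex(await sha256(concat(key, msg)));
}

// RFC 2104: H((K' xor opad) || H((K' xor ipad) || message)); SHA-256 block size is 64 bytes.
async function hmacManual(key, msg) {
  const block = new Uint8Array(64);                      // K' = key zero-padded to one block
  block.set(key.length > 64 ? await sha256(key) : key); // longer keys are hashed first
  const ipad = block.map(b => b ^ 0x36);
  const opad = block.map(b => b ^ 0x5c);
  const inner = await sha256(concat(ipad, msg));
  return toHex(await sha256(concat(opad, inner)));
}

// What to use in practice: the HMAC primitive provided by Web Crypto.
async function hmacNative(key, msg) {
  const subtle = await subtleApi();
  const k = await subtle.importKey('raw', key, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
  return toHex(new Uint8Array(await subtle.sign('HMAC', k, msg)));
}
```

`hmacManual` exists only to make the construction visible; production code should call the native primitive and compare tags with the verification function the platform provides.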
Can I verify a download with this tool?
Yes — drop the file, paste the publisher's SHA-256 hash, and the comparison badge confirms integrity. For multi-algorithm verification (where you do not know if the publisher used SHA-256 or SHA-512), use `/hash-checker/` instead — it runs all algorithms in parallel.
Is SHA-256 used in TLS?
Yes — RSA-SHA256 and ECDSA-with-SHA-256 are the standard certificate signature algorithms in TLS 1.2 and 1.3. The certificate fingerprint shown in browser certificate viewers is also typically SHA-256.
What is the block size and round count?
512-bit input blocks, 64 rounds, 32-bit word size. The compression function uses 8 working state words and a constant table derived from the cube roots of the first 64 primes. For practical use these details do not matter; for hardware engineers they determine throughput and area trade-offs.
Where can I read the specification?
NIST FIPS 180-4 (the current version of the Secure Hash Standard) is the authoritative reference. RFC 6234 republishes the same algorithms in IETF format with reference C code. MDN documents the Web Crypto `crypto.subtle.digest` API used by this tool.