Converter Web ToolsConverter WebTools

SHA-256 Hash

Generate a SHA-256 hash from any text instantly. Everything is computed in your browser, so your input never leaves your device.

Input
Output
Share Link
Settings
Hash

What is SHA-256?

SHA-256 is part of the SHA-2 family of cryptographic hash functions published by NIST in 2001. It turns any input into a fixed 256-bit digest, shown as 64 hexadecimal characters. SHA-256 is one-way: the same input always produces the same hash, and it is computationally infeasible to find two inputs with the same digest or to reverse a digest back to its input. It secures TLS/SSL certificates, digital signatures, software signing, file integrity checks and blockchains (it powers Bitcoin). Unlike MD5 and SHA-1, SHA-256 has no known practical collision attacks and is considered secure for modern use.

Secure & private: SHA-256 has no known practical attacks and runs entirely in your browser — your input is never uploaded. For storing passwords, use a slow salted hash (bcrypt, scrypt or Argon2) rather than raw SHA-256.

How SHA-256 works

SHA-256 compresses a message into a 256-bit digest using the Merkle–Damgård construction:

  1. Padding — the message is padded and its length appended so the total is a multiple of 512 bits.
  2. Blocks — it is split into 512-bit blocks, each expanded into sixty-four 32-bit words (the message schedule).
  3. Compression — eight 32-bit working variables are updated over 64 rounds using bitwise functions, rotations and round constants derived from the cube roots of prime numbers.
  4. Output — the final values of the eight variables are concatenated into 256 bits and shown as 64 hexadecimal characters.

Because every input bit is thoroughly mixed in, it is infeasible to find two inputs with the same digest — which is why SHA-256 underpins TLS, code signing and Bitcoin.

How to use

  1. Type or paste your text into the input box.
  2. The SHA-256 hash is calculated automatically as you type.
  3. Choose your output encoding (Hex or Base64) if needed.
  4. Click Copy to copy the digest to your clipboard.

Examples

InputSHA-256 hash
hello2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
abcba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
password5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
(empty string)e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Options explained

  • Output encoding — Show the digest as lowercase or uppercase Hex, or as Base64.
  • Input encoding — Choose how your text is read into bytes (UTF-8 by default; UTF-16, Hex, Base64 and many charsets are supported).
  • HMAC — Enable HMAC-SHA256 with a secret key to produce a keyed hash used for message authentication (e.g. API request signing, JWT).

Common uses

  • TLS/SSL & certificates — verifying the integrity and authenticity of secure connections.
  • Digital signatures & code signing — hashing data before it is signed.
  • Blockchain — SHA-256 secures Bitcoin transactions and mining.
  • File integrity — comparing a file against a published SHA-256 checksum.
  • API authentication — HMAC-SHA256 signs requests and tokens.

Frequently asked questions

Is SHA-256 secure?
Yes. There are no known practical collision or preimage attacks, which is why SHA-256 is the standard for integrity checks and digital signatures.
How long is a SHA-256 hash?
256 bits — 64 hexadecimal characters (or 44 characters in Base64), regardless of input size.
Can SHA-256 be decrypted or reversed?
No. It is a one-way hash, not encryption; you cannot compute the input from the digest.
Should I use SHA-256 for passwords?
Not on its own. SHA-256 is fast, which helps attackers. Use a slow, salted password hash such as bcrypt, scrypt or Argon2.
SHA-256 vs MD5 — which is better?
SHA-256. MD5 is broken by collisions; SHA-256 is collision-resistant and safe for security use.