SHA-256 is a member of the SHA-2 cryptographic hash functions designed by the NSA. SHA stands for Secure Hash Algorithm. Cryptographic hash functions are mathematical operations run on digital data; by comparing the computed “hash” (the output from execution of the algorithm) to a known and expected hash value, a person can determine the data’s integrity. A one-way hash can be generated from any piece of data, but the data cannot be generated from the hash.


SHA-256, which became the successor of SHA-1, bears another name-SHA-2. It’s not much harder to encode than SHA-1, and its 256-bit key has never been compromised so far.

Secure communications for websites and web services are based on files known as certificates. They are used to establish and authenticate secure connections. These certificates contain cryptographic elements that are generated using algorithms such as SHA-256.

Previously, certificates were most often generated using SHA-1 as digital signature items, but the algorithm was gradually deprecated and no longer considered as secure as most Internet users would like. As a result, there was a significant shift towards certificates using the new algorithm — SHA-256′.

The transition to SHA-2

In 2016, the SSL certificate industry made the transition to a new standard — SHA-2. The transition process has been accompanied by re-issuing thousands of certificates and major software updates, which employs centralized trusted certification authorities.

The deadline for the issuance of new certificates was 31 December 2015. Basically the Internet sector had to switch to the new standard by this point, but still some errors could not be avoided.

Within the next year or two, the vast majority of Sha-1 certificates will be “extinct.” As of August 2017, their number was about 500 000.

SHA-3-encryption technology of the future

Over time, cyberattacks increase significantly as the cost of computer processing power decreases. By 2020, this will make the current digital signature less secure than it is today. For this reason, the algorithm selection will be an important decision. This is necessary because temporary short-term upgrades can simply compromise its security. No hashing algorithm is able to maintain a high level of security for even a decade.

This does not mean that cryptographers will sit idly by while waiting for a problem. The Sha-2 successor, known as SHA-3, has already been completed. When the time comes to make that transition, the online technology industry will be able to use SHA-3 as its next choice. But, perhaps, by that time there will be a completely different algorithm.

It takes years to research and test new cryptographic standards before you can start developing software to support them. It is only when we are one step ahead that we can talk about one or another level of security.


The initial version of the SHA-256 algorithm was created by the US National Security Agency in the spring of 2002. A few months later, the national metrological University published the newly-announced encryption Protocol in the FIPS PUB 180-2 secure data processing standard adopted at the Federal level. In the winter of 2004 it was replenished with the second version of the algorithm.

Over the next 3 years, the NSA issued a second-generation Sha patent under Royalty-free license. This is what gave rise to the use of technology in civilian areas.

This Protocol works with information broken down into pieces of 512 bits (or 64 bytes in other words). It produces its cryptographic “mixing” and then issues a 256-bit hash code. The algorithm includes a relatively simple round, which is repeated 64 times.

In addition, SHA-256 has quite good technical parameters:

  • block size indicator (byte): 64.
  • maximum allowed message length (bytes): 33.
  • characteristics of the message digest size (bytes): 32.
  • the standard word size (bytes): 4.
  • internal position length parameter (bytes): 32.
  • the number of iterations in one cycle: 64.
  • the speed achieved by the Protocol (MiB/s): approximately 140.

The Sha-256 algorithm is based on the Merkle-Damgard construction method, according to which the initial index is divided into blocks immediately after the change is made, and those, in turn, into 16 words.

SHA-256 is used in several different parts of the Bitcoin network:

External links

See also