SHA-256 is a member of the SHA-2 family of cryptographic hash functions designed by the NSA. It generates an almost-unique 256-bit (32-byte) signature for a given text input. SHA stands for "Secure Hash Algorithm." Hashing algorithms are mathematical functions that condense data to a fixed size. Many hashing algorithms exist for various purposes; SHA algorithms are used for cryptographic security. Cryptographic hash algorithms produce irreversible and almost unique hashes. Irreversible means that someone who has only the hash cannot use it to work out what the original data was, so the original data remains secure and unknown. Almost unique means that two different pieces of data are extremely unlikely to produce the same hash.
Part of the SHA-2 group of hash algorithms first created by the NSA in 2001 as a successor to SHA-1, SHA-256 is a patented cryptographic hash function. The patent (US6829355B2) for the SHA-256 algorithm was filed by the NSA on March 5th, 2001, listing Glenn M Lilly as the inventor. The patent was granted and published on December 7th, 2004.
From 2011 to 2015, SHA-1 was the primary algorithm used for SSL certificates. Growing research showing the weaknesses of SHA-1 prompted a re-evaluation, and from 2016 onward SHA-2 has been the standard. Since August 5th, 2015, NIST policy on hash functions has recommended that application and protocol designers implement SHA-256 at a minimum for any applications of hash functions requiring interoperability.
SHA-256 has not yet been compromised in any way. Its 256-bit output makes it a good partner function for AES. It is defined in the NIST (National Institute of Standards and Technology) standard 'FIPS 180-4'. NIST also provides a number of test vectors to verify the correctness of an implementation.
The SHA-256 algorithm can be separated into five sections.
Extra bits are added to the message so that its length is exactly 64 bits short of a multiple of 512. The first added bit is a one, and the rest are zeroes.
Next, 64 bits are added to make the final padded message a multiple of 512 bits. These 64 bits encode the length of the original cleartext, without the padding.
The default values for the eight buffers and for the 64 round constants held in an array (K[0] to K[63]) are initialized.
The algorithm breaks down the entire message into multiple blocks of 512 bits each. It puts each block through 64 rounds of operation, with the output of each block serving as the input for the following block.
The value of K[i] for each round is pre-initialized. W[i] is another input, calculated individually for each block and depending on which round is being processed at the moment.
With each iteration, the final output of the block serves as the input for the next block. The entire cycle repeats until the last 512-bit block has been processed, and the final hash digest is output. This digest is 256 bits long, as the name of the algorithm indicates.
The security of the SHA-256 algorithm is partially dependent on how collision resistant it is, where collision resistance is a measure of how improbable it is for two different data inputs to produce the same hash output (i.e. collide with each other). Every hash function with more inputs than outputs will necessarily have collisions. SHA-256 produces 256 bits of output from an arbitrarily large input. Since it must generate one of 2^256 outputs for each member of a much larger set of inputs, the pigeonhole principle guarantees that some inputs will hash to the same output. However, the larger the number of possible hashes, the smaller the chance that two values will create the same hash.
The following are three key properties defining the security of SHA-256:
- With 2^256 possible outputs it is almost impossible to reconstruct the initial data from the hash value. Brute-force attacks would need to make 2^256 attempts to generate the initial data.
- Having two messages with the same hash value is extremely unlikely (high collision resistance).
- Minor changes to the original data alter the hash value so significantly that it is not apparent the new hash value is derived from similar data (known as the avalanche effect).
SHA-256 is commonly used to authenticate digital certificates, such as SSL certificates that ensure a secure link between a website and web browsers. SHA-256 is also the cryptographic hash function used for Bitcoin's Proof of Work mining and in the creation of Bitcoin addresses. SHA-256 is also used in other popular authentication and encryption protocols, including TLS, IPsec, SSH, and PGP. In Unix and Linux.