SHA-256 Hash Generator & Checksum Tool

Generate SHA-256 hashes online for free. Hash text or files in your browser, verify checksums, and copy 64-character hex output. No signup; data never leaves the page.

All hashing is performed locally in your browser. No data is transmitted to any server.
Reviewed for SHA-256 correctness against NIST FIPS 180-4 test vectors — Go Tools Engineering Team · May 28, 2026

What Is SHA-256?

SHA-256 (Secure Hash Algorithm, 256-bit) is the most widely deployed cryptographic hash function in the SHA-2 family, designed by the U.S. National Security Agency and published by NIST in 2001 as part of FIPS 180-2. It takes any input (text, file, or byte stream) and produces a fixed 256-bit (64 hexadecimal character) fingerprint. No two inputs are known to share a fingerprint, and finding such a pair is computationally infeasible, so the hash identifies the input for practical purposes.

SHA-256 has resisted all collision attacks since publication. The NIST FIPS 180-4 specification remains current; it is approved for use by the U.S. federal government, PCI DSS, FIPS 140-3, and the IETF's Internet standards. It underpins TLS certificates (the fingerprint that browsers show in cert dialogs), Git's modern object-ID format (since Git 2.29 in SHA-256 mode), Bitcoin's transaction IDs and proof-of-work, JWT signature verification (the JWS HS256, RS256, ES256 family), and the integrity column of every major package manager (npm, pip, cargo, apt).

This tool computes SHA-256 entirely in your browser using crypto.subtle.digest('SHA-256', ...) from the Web Crypto API — the same primitive that browsers use internally for TLS handshakes. No bytes are uploaded; no server is involved. The hash you see is exactly what sha256sum, OpenSSL's dgst -sha256, or Python's hashlib.sha256() would produce.

When to use SHA-256: file integrity verification, content-addressed storage, digital signature workflows, certificate fingerprinting, cache-busting via content hashing, deduplication. When not to use SHA-256: password storage (use bcrypt, scrypt, or Argon2 — SHA-256 is far too fast for password defense), HMAC without the proper construction (use a dedicated HMAC library), or as a general-purpose random ID (use UUID instead).

For comparison: SHA-256 produces 64 hex chars vs. MD5's 32 (broken since 2004), SHA-1's 40 (broken since 2017), SHA-384's 96, and SHA-512's 128. The 256-bit output gives 128 bits of collision resistance — far beyond any foreseeable computational attack.

// Hash text using Web Crypto API (SHA-256)
async function sha256(text) {
  const data = new TextEncoder().encode(text);
  const hash = await crypto.subtle.digest('SHA-256', data);
  return Array.from(new Uint8Array(hash))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}

await sha256('Hello, World!');
// → 'dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f'

SHA-256 Examples

Verify an Ubuntu ISO download

ubuntu-24.04.iso

Drop the downloaded ISO into the File tab; the tool computes SHA-256 in chunks, displaying progress for large files. Compare the resulting hash against the SHA256SUMS file Ubuntu publishes on releases.ubuntu.com. A match confirms the download is bit-identical to what Canonical signed — the standard integrity check for any Linux distribution.

Fingerprint a TLS certificate

-----BEGIN CERTIFICATE-----MIIDXTCCAkWg...

Paste a PEM-encoded certificate body (without the BEGIN/END markers if your toolchain expects raw DER hex). The SHA-256 fingerprint is what shows up in browser certificate-info dialogs and in HTTP Public Key Pinning headers. Modern browsers display this as 32 hex bytes separated by colons; this tool gives you the unbroken 64-character form, which is what most APIs and config files expect.
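
The fingerprint a browser shows is the SHA-256 of the certificate's DER bytes, so the PEM armor has to be stripped and the base64 body decoded before hashing. The sketch below is an added example, not this tool's code; the function names are illustrative and SAMPLE_PEM is a constructed stand-in, not a real certificate.

```javascript
// Added example: Web Crypto in browsers and Node 20+; the fallback covers older Node.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;

const toHexBytes = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0'));

// Strip the PEM armor and base64-decode the body to the DER bytes it wraps.
function pemToDer(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error('no CERTIFICATE block found');
  const binary = atob(m[1].replace(/\s+/g, '')); // body may be wrapped over many lines
  return Uint8Array.from(binary, (ch) => ch.charCodeAt(0));
}

// SHA-256 over the DER bytes, in the unbroken form and the colon-separated form.
async function certFingerprint(pem) {
  const hex = toHexBytes(await subtle.digest('SHA-256', pemToDer(pem)));
  return { plain: hex.join(''), colon: hex.join(':').toUpperCase() };
}

// Hashing the pasted PEM text itself gives a valid SHA-256, but not the fingerprint.
async function pemTextHash(pem) {
  const bytes = new TextEncoder().encode(pem);
  return toHexBytes(await subtle.digest('SHA-256', bytes)).join('');
}

// Constructed stand-in, NOT a real certificate: the body is base64 for the bytes "abc".
const SAMPLE_PEM = '-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n';

certFingerprint(SAMPLE_PEM).then((fp) => console.log(fp.colon));
```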

Generate a content hash for cache busting

/* CSS file contents */

A common static-site pattern: hash a CSS or JS file's contents, append the first 8 characters of the hash as a query string (?v=a1b2c3d4) or filename suffix (app.a1b2c3d4.css), and serve with a 1-year cache header. When the content changes the hash changes, busting caches deterministically. SHA-256 is well-suited because collisions are infeasible in practice — even truncated to 8 chars, accidental collision is astronomically unlikely for a single site.

Pre-image lookup verification

password123
ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f

SHA-256 hash of 'password123' is ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f. The point of this example is the danger: never use plain SHA-256 for password storage — it is far too fast (a modern GPU brute-forces billions per second). For passwords, use bcrypt, scrypt, or Argon2 with proper salt and cost parameters. SHA-256 is for integrity, not credentials.

How to Generate SHA-256 Hashes

  1. Paste text or drop a file

    Select the Text tab and paste any string into the input area, or switch to the File tab and drag a file from your desktop into the dropzone. The SHA-256 algorithm picker is already active. Hashing happens as you type; there is no Generate button to click. For large files (>10 MB), a progress indicator shows while the file is processed.

  2. Copy the 64-character hash

    Click the Copy button next to the hash output. The full 64-character hex value goes to your clipboard. Use the Uppercase/Lowercase toggle if your downstream system requires a specific case: Git uses lowercase, and some Windows tools default to uppercase.

  3. Verify with the Compare tab

    Switch to the Compare tab and paste two SHA-256 hashes (e.g., yours and a publisher's). The tool reports match/mismatch with constant-time comparison, so the result does not leak timing information. Useful for verifying downloaded ISO files, container image digests, or signed JAR fingerprints.
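
The same three steps in code, applied to the Ubuntu ISO check described earlier: hash the file bytes, look up the publisher's entry in a SHA256SUMS listing, and compare without an early exit. This is an added example, not this tool's code; the function names and the sample file and listing are constructed for illustration.

```javascript
// Added example: Web Crypto in browsers and Node 20+; the fallback covers older Node.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;

const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');

// Parse sha256sum output: "<64 hex> <space or *><name>" per line (escaped names are skipped).
function parseSha256Sums(text) {
  const entries = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = /^([0-9a-fA-F]{64}) [ *](.+)$/.exec(line);
    if (m) entries.set(m[2], m[1].toLowerCase());
  }
  return entries;
}

// Compare two hex digests without stopping at the first differing character.
function hexDigestsEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Look up the published hash for fileName and check the file bytes against it.
async function verifyDownload(fileName, fileBytes, sumsText) {
  const expected = parseSha256Sums(sumsText).get(fileName);
  if (!expected) return { ok: false, reason: 'no entry for file' };
  const actual = toHex(await subtle.digest('SHA-256', fileBytes));
  return hexDigestsEqual(actual, expected)
    ? { ok: true, actual }
    : { ok: false, reason: 'hash mismatch', actual, expected };
}

// Constructed sample: a three-byte "file" and a SHA256SUMS listing that contains it.
const SAMPLE_BYTES = new TextEncoder().encode('abc');
const SAMPLE_SUMS = [
  'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad *sample.iso',
  'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  empty.bin',
].join('\n');

verifyDownload('sample.iso', SAMPLE_BYTES, SAMPLE_SUMS).then((r) => console.log(r));
```

A match only proves the file agrees with the listing, so the listing itself has to come from a trusted source; Ubuntu publishes a detached signature, SHA256SUMS.gpg, next to SHA256SUMS for that purpose.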

Technical Details

Algorithm: SHA-2 family, Merkle-Damgård construction
SHA-256 processes input in 512-bit blocks, applying 64 rounds of bitwise operations (rotations, XORs, additions modulo 2^32) with constants derived from the cube roots of the first 64 primes. The final hash is the internal state after the last block. Implementation: FIPS 180-4 sections 4.2 and 6.2.
Output: 256 bits, 64 hex characters
Always exactly 64 characters in the range [0-9a-f] (lowercase) or [0-9A-F] (uppercase). Different encodings (Base64, Base64URL) shorten the string; this tool outputs the canonical hex form.
Performance: ~500 MB/s in browser, ~2 GB/s native
Web Crypto's SHA-256 implementation is compiled C/Rust running outside the JS VM, so it is competitive with native tools. Typical browser hash rate: 300-800 MB/s. A 1-GB file hashes in 1-3 seconds.
Standards: FIPS 180-4, RFC 6234, NIST SP 800-107
Currently approved by NIST for all security strength levels through 2030 and beyond. Required by PCI DSS 4.0 for cardholder-data integrity, by FedRAMP, and by Common Criteria EAL2+ evaluations.

Best Practices

Always hash UTF-8 bytes, not Unicode code points
Different encodings of the same string produce different hashes. UTF-8 is the de facto standard; this tool encodes input as UTF-8 before hashing. If you need to match a tool that uses UTF-16 (some Windows APIs) or Latin-1, you need to pre-encode externally.
Use constant-time comparison when verifying
If you are comparing two hashes in code, use a constant-time equality check (crypto.timingSafeEqual in Node.js, hmac.compare_digest in Python). Naive === or strcmp leaks timing information that can be exploited to recover the hash. This tool's Compare tab already uses constant-time comparison.
Truncating SHA-256 is acceptable for non-security uses
For cache-busting filenames or short content IDs, taking the first 8 or 16 hex chars of a SHA-256 hash is fine — collision probability is still astronomically low at internet scale. For cryptographic use (signatures, fingerprints), always keep the full 64 chars.
Pair with a salt for any keyed use
If you are using SHA-256 to derive a key or token from a secret, always include a unique salt per input. Without a salt, identical inputs produce identical hashes — which leaks information. Better: use HKDF (RFC 5869) or HMAC-SHA-256 instead of raw SHA-256 for key derivation.
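
The keyed constructions recommended above are both available in Web Crypto. The sketch below is an added example, not this tool's code: the helper names are illustrative, and the inputs are the published test case 1 from RFC 5869 so the derived output can be checked against the RFC.

```javascript
// Added example: Web Crypto in browsers and Node 20+; the fallback covers older Node.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;

const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (hex) => Uint8Array.from(hex.match(/../g) ?? [], (h) => parseInt(h, 16));

// HKDF-SHA-256 (RFC 5869): derive `length` bytes from a secret, a salt and a context label.
async function hkdfSha256(secret, salt, info, length) {
  const key = await subtle.importKey('raw', secret, 'HKDF', false, ['deriveBits']);
  const bits = await subtle.deriveBits(
    { name: 'HKDF', hash: 'SHA-256', salt, info }, key, length * 8);
  return toHex(bits);
}

// HMAC-SHA-256: a keyed tag over a message, instead of hashing secret and data together.
async function hmacSha256(keyBytes, message) {
  const key = await subtle.importKey(
    'raw', keyBytes, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
  return toHex(await subtle.sign('HMAC', key, message));
}

// Inputs from RFC 5869 test case 1 (public test data, not a real secret).
const RFC5869_IKM = fromHex('0b'.repeat(22));
const RFC5869_SALT = fromHex('000102030405060708090a0b0c');
const RFC5869_INFO = fromHex('f0f1f2f3f4f5f6f7f8f9');

hkdfSha256(RFC5869_IKM, RFC5869_SALT, RFC5869_INFO, 42).then((okm) => console.log(okm));
```

Changing only the salt or only the info label yields an unrelated output, which is what keeps identical secrets from producing identical derived values.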

SHA-256 FAQ

What is SHA-256 and how is it different from MD5 or SHA-1?
SHA-256 is a 256-bit cryptographic hash function in the SHA-2 family, designed by the NSA and standardized by NIST in FIPS 180-4. It produces a 64-character hexadecimal output. Unlike MD5 (128-bit, broken since 2004) and SHA-1 (160-bit, broken since 2017), SHA-256 remains cryptographically secure: no practical collision has ever been found. It is the current industry default for digital signatures, certificate fingerprints, blockchain transaction IDs, and integrity verification.
How long is a SHA-256 hash?
Always 64 hexadecimal characters (256 bits = 32 bytes, encoded as 2 hex chars per byte). The output length is fixed regardless of input size — a 1-byte input and a 10-GB input both produce 64 hex chars. This fixed length is what makes it useful as a fingerprint.
Is SHA-256 safe for password storage?
No. SHA-256 is too fast — a modern GPU can compute billions of SHA-256 hashes per second, which is exactly what an attacker wants for brute-forcing passwords. Use a deliberately slow password hash: bcrypt, scrypt, or Argon2id, each with proper salt and a high cost parameter. SHA-256 is for integrity (verifying data has not been tampered with), not for storing secrets. Use the password generator for the input side; use a dedicated password-hash library on the server.
Can SHA-256 be reversed to find the original input?
No. SHA-256 is a one-way function: given a hash, there is no efficient algorithm to recover the input. The only general attack is brute force — trying every possible input and hashing each one. For arbitrary inputs this is computationally infeasible. The exception: short, predictable inputs (common passwords, simple words) can be looked up in rainbow tables, which is why salting passwords matters.
What is the difference between SHA-256 and SHA-2?
SHA-2 is the family name; SHA-256 is one specific member. The SHA-2 family also includes SHA-512 (512-bit), SHA-384 (truncated SHA-512), SHA-224 (truncated SHA-256), SHA-512/224, and SHA-512/256. All share the same Merkle-Damgård construction with different word sizes and truncation rules. SHA-256 is the most widely deployed member — it is what TLS, JWT, Git, and Bitcoin all default to.
Is my data sent to a server when I use this tool?
No. SHA-256 is computed entirely in your browser using the Web Crypto API (crypto.subtle.digest). Open DevTools → Network tab while hashing — you will see zero outgoing requests. The file you drop in File mode is read with the FileReader API and hashed locally; the bytes never leave your machine. This makes the tool safe for hashing confidential documents, proprietary code, or sensitive checksums.
How do I verify a SHA-256 checksum from a download?
1) Download the file. 2) Open this tool and click the File tab. 3) Drag the file into the dropzone. 4) Wait for the hash to compute (large files take a few seconds). 5) Open the publisher's published SHA256SUMS file. 6) Paste both hashes into the Compare tab — green means match, red means the file is corrupted or tampered. Most Linux distributions, language runtimes (Python, Node.js), and software vendors publish SHA-256 checksums alongside their downloads precisely for this purpose.
Why does my SHA-256 output differ from a command-line tool?
Almost always whitespace or encoding. The shell command `echo "hello" | sha256sum` includes a trailing newline (\n), so the hash is for "hello\n" not "hello". Use `echo -n "hello"` to strip it. Other gotchas: Windows line endings (\r\n vs \n), UTF-8 BOM, or the difference between hashing UTF-8 bytes vs UTF-16 bytes. SHA-256 is extremely sensitive — a single byte changes the entire output.
Can SHA-256 hash an empty file?
Yes. The SHA-256 of zero bytes is a well-known constant: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. This is sometimes used as a sentinel value or as a quick verification that the hashing pipeline is wired correctly.
Should I use SHA-256 or SHA-512?
Use SHA-256 for most cases — it is faster on 32-bit hardware, ubiquitously supported, and provides 128 bits of security against collisions. Use SHA-512 when you are on 64-bit hardware where it is actually faster, or when you specifically need 256 bits of collision resistance for cryptographic protocols that demand it. For everyday use (file checksums, Git, TLS), SHA-256 is the standard.
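
For the command-line mismatch question above and the UTF-8 best practice, the sketch below hashes the byte-level variants of one string and reports which of them produces a given digest. It is an added example, not this tool's code; the variant list and function names are illustrative.

```javascript
// Added example: Web Crypto in browsers and Node 20+; the fallback covers older Node.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;

const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');
const utf8 = (s) => new TextEncoder().encode(s);

// UTF-16LE bytes without a BOM, as some Windows APIs produce.
function utf16le(s) {
  const out = new Uint8Array(s.length * 2);
  for (let i = 0; i < s.length; i++) {
    const unit = s.charCodeAt(i);
    out[2 * i] = unit & 0xff;
    out[2 * i + 1] = unit >> 8;
  }
  return out;
}

// Byte-level variants of one string that commonly explain a checksum mismatch.
const VARIANTS = {
  'UTF-8, exact': (s) => utf8(s),
  'UTF-8 + trailing LF (echo without -n)': (s) => utf8(s + '\n'),
  'UTF-8 + trailing CRLF': (s) => utf8(s + '\r\n'),
  'UTF-8 with BOM': (s) => Uint8Array.of(0xef, 0xbb, 0xbf, ...utf8(s)),
  'UTF-16LE': (s) => utf16le(s),
};

// Return the name of the variant whose SHA-256 equals expectedHex, or null if none does.
async function explainMismatch(text, expectedHex) {
  const want = expectedHex.trim().toLowerCase();
  for (const [name, encode] of Object.entries(VARIANTS)) {
    if (toHex(await subtle.digest('SHA-256', encode(text))) === want) return name;
  }
  return null;
}

// Constructed input: the digest that `echo "hello" | sha256sum` prints.
const ECHO_HELLO = '5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03';

explainMismatch('hello', ECHO_HELLO).then((name) => console.log(name));
```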
