Cryptography & Security

Hashing (SHA-256)

Explore SHA-256 message processing: padding, scheduling, 64 rounds of compression, and the avalanche effect where a single bit change alters half the hash.

Message Input

Step 1: Message Padding11 bytes → 64 bytes

48656c6c6f20576f726c648000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000058

Message

0x80 bit

Zero padding

Length (64-bit)

Step 2: 512-bit Blocks1 block

Block 0

48656c6c6f20576f726c648000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000058

Step 4: Compression (Round 0/64)

a6a09e667

bbb67ae85

c3c6ef372

da54ff53a

e510e527f

f9b05688c

g1f83d9ab

h5be0cd19

Round Progress0/64

Metrics

Message Length

11B

Blocks

Current Round

0/64

Phase

idle

Hash Output

Processing...

Current H values

H0=6a09e667H1=bb67ae85H2=3c6ef372H3=a54ff53aH4=510e527fH5=9b05688cH6=1f83d9abH7=5be0cd19

SHA-256 Steps

Pad message to multiple of 512 bits

Parse into 512-bit blocks

Expand 16 words to 64-word schedule

Compress through 64 rounds

1.0x

About SHA-256

One-Way Function

SHA-256 is computationally infeasible to reverse. Given a hash, you cannot determine the original message. This makes it ideal for password storage and digital signatures.

Collision Resistance

Finding two different messages that produce the same hash is computationally infeasible. With 2^256 possible outputs, the birthday attack requires ~2^128 attempts.

Deterministic

The same input always produces the same 256-bit output. This property is essential for verification: you can check integrity by comparing hashes without revealing the data.

Compression Function Detail

Round Computation

Each of the 64 rounds computes two temporary values:

T1 = h + Sigma1(e) + Ch(e,f,g) + K[t] + W[t]

T2 = Sigma0(a) + Maj(a,b,c)

Then the working variables shift:

h=g, g=f, f=e, e=d+T1

d=c, c=b, b=a, a=T1+T2

Logical Functions

Ch(x,y,z) = (x AND y) XOR (NOT x AND z)

Choose: x picks bits from y or z

Maj(x,y,z) = (x AND y) XOR (x AND z) XOR (y AND z)

Majority: output matches majority of inputs

Sigma0(x) = ROTR2 XOR ROTR13 XOR ROTR22

Sigma1(x) = ROTR6 XOR ROTR11 XOR ROTR25

SHA Family Comparison

Algorithm	Digest Size	Block Size	Rounds	Status
MD5	128 bits	512 bits	64	Broken
SHA-1	160 bits	512 bits	80	Deprecated
SHA-256current	256 bits	512 bits	64	Secure
SHA-384	384 bits	1024 bits	80	Secure
SHA-512	512 bits	1024 bits	80	Secure
SHA-3	Variable	Variable	24	Secure

Real-World Applications

Bitcoin Mining

SHA-256 is used in Bitcoin's proof-of-work. Miners compute double-SHA-256 to find valid block hashes.

TLS Certificates

Digital certificates use SHA-256 to create signatures that verify authenticity of HTTPS connections.

Git Commits

Git uses SHA-1 (migrating to SHA-256) to create unique identifiers for every commit and object.

Password Storage

Passwords are hashed with SHA-256 (plus salt) before storage so plaintext is never kept.

Initial Hash Values (H0..H7)

H0 = 6a09e667

H1 = bb67ae85

H2 = 3c6ef372

H3 = a54ff53a

H4 = 510e527f

H5 = 9b05688c

H6 = 1f83d9ab

H7 = 5be0cd19

These are the first 32 bits of the fractional parts of the square roots of the first 8 primes (2, 3, 5, 7, 11, 13, 17, 19). The 64 round constants K are derived similarly from cube roots of the first 64 primes.

First 16 Round Constants (K[0..15])

428a2f9871374491b5c0fbcfe9b5dba53956c25b59f111f1923f82a4ab1c5ed5d807aa9812835b01243185be550c7dc372be5d7480deb1fe9bdc06a7c19bf174