SHA-256 Hash Generator

What Is SHA-256?

SHA-256 (Secure Hash Algorithm 256-bit) is a cryptographic hash function published by the National Security Agency (NSA) in 2001 as part of the SHA-2 family. It takes an input of any length and produces a fixed-size 256-bit (32-byte) output, typically represented as a 64-character hexadecimal string.

The algorithm is deterministic: the same input always produces the same output. Even a single-bit change in the input produces a completely different hash, a property known as the avalanche effect. For example, hashing hello and Hello yields two entirely unrelated 64-character strings.

SHA-256 is a one-way function. Given a hash output, there is no feasible way to recover the original input. This property makes it fundamental to digital signatures, password storage, data integrity verification, and blockchain technology.

How Bitcoin Uses SHA-256

Satoshi Nakamoto chose SHA-256 as the core hashing algorithm for Bitcoin. It appears in nearly every layer of the protocol, from mining to address generation.

Mining and Proof-of-Work

Bitcoin mining is fundamentally a SHA-256 computation race. Miners construct a block header containing the previous block hash, a Merkle root of transactions, a timestamp, a difficulty target, and a nonce. They then compute the double SHA-256 of this 80-byte header, incrementing the nonce until the resulting hash falls below the current difficulty target.

A valid block hash must start with a specific number of leading zeros. As of 2026, miners compute roughly 800 exahashes per second (EH/s) across the network, each attempt being a single double-SHA-256 operation on an 80-byte block header.

Transaction IDs

Every Bitcoin transaction is identified by its txid, which is the double SHA-256 of the serialized transaction data. When you look up a transaction on a block explorer, the 64-character identifier you see is the hex-encoded result of hashing the raw transaction bytes twice with SHA-256.

Merkle Trees

Bitcoin organizes transactions within a block using a Merkle tree. Each transaction's txid is a leaf node, and pairs of hashes are concatenated and double-SHA-256 hashed together to form parent nodes. This continues until a single root hash remains: the Merkle root stored in the block header. This structure allows lightweight clients to verify that a transaction is included in a block by checking a short proof path rather than downloading the entire block.

Address Generation

Bitcoin addresses are derived from public keys through a two-step hashing process. The public key is first hashed with SHA-256, and the result is then hashed with RIPEMD-160 to produce a 160-bit hash. This shorter hash becomes the core of a Bitcoin address (with a version byte and checksum appended via Base58Check encoding). Using two different hash functions provides defense in depth: an attacker would need to break both algorithms to reverse-engineer an address back to its public key.

SHA-256 Properties

What Is Double SHA-256?

Double SHA-256, often written as SHA-256d, means applying SHA-256 twice in sequence: SHA-256(SHA-256(x)). The first pass hashes the original input into a 32-byte digest. The second pass takes those 32 raw bytes and hashes them again, producing a new 32-byte digest.

Bitcoin uses double SHA-256 for block headers, transaction IDs, and Merkle tree nodes. The reason for double hashing is debated, but two common explanations stand out. First, it provides a defense against length-extension attacks. Standard SHA-256 is vulnerable to a class of attacks where an attacker who knows SHA-256(m) can compute SHA-256(m || padding || m') without knowing m. Hashing twice eliminates this vulnerability. Second, if a weakness were ever discovered in SHA-256 that partially compromised its pre-image resistance, the second round of hashing would add an extra layer of protection.

It is important to note that double SHA-256 hashes the raw bytes, not the hex string representation. The first SHA-256 produces 32 bytes, and those 32 bytes (not the 64-character hex string) become the input to the second SHA-256 call.

How to Use This Tool

Type or paste any text into the input field above. The tool computes both the SHA-256 hash and the double SHA-256 hash in real time as you type, using the Web Crypto API built into your browser.

• The SHA-256 output shows the standard single-pass hash of your input text
• The double SHA-256 output shows the result of hashing the raw SHA-256 bytes a second time, exactly as Bitcoin does
• Toggle between hex and Base64 output formats using the format selector
• Use the copy buttons to quickly copy either hash to your clipboard
• The character count shows the number of Unicode characters, while the byte count shows the UTF-8 encoded size (these differ for non-ASCII characters)

On initial load, the tool displays the hash of an empty string. The SHA-256 hash of an empty input is a well-known constant: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. This value is useful as a sanity check when testing SHA-256 implementations.

Frequently Asked Questions

What is SHA-256 used for in Bitcoin?

SHA-256 is Bitcoin's primary cryptographic hash function. It secures the proof-of-work mining process (miners repeatedly hash block headers to find valid blocks), generates transaction IDs (each txid is a double SHA-256 of the serialized transaction), builds Merkle trees for efficient transaction verification, and participates in address generation (SHA-256 followed by RIPEMD-160 on the public key).

Can SHA-256 be reversed?

No. SHA-256 is a one-way function designed so that recovering the original input from the hash output is computationally infeasible. The theoretical cost of a pre-image attack is approximately 2^256 operations, a number so large that it exceeds the total energy available in the observable universe when computed at the thermodynamic limit. In practice, the only way to find an input that produces a given hash is to try inputs one by one (brute force).

What is double SHA-256?

Double SHA-256 (SHA-256d) means applying SHA-256 twice: SHA-256(SHA-256(data)). The raw 32-byte output of the first hash becomes the input to the second hash. Bitcoin uses this for block headers, transaction IDs, and Merkle tree nodes. The double application provides protection against length-extension attacks that affect single-pass SHA-256.

How long is a SHA-256 hash?

A SHA-256 hash is always exactly 256 bits, regardless of input size. When represented as a hexadecimal string, it is 64 characters long. In Base64 encoding, it is 44 characters (including padding). As raw bytes, it is exactly 32 bytes.

Is SHA-256 still secure?

Yes. As of 2026, no practical attack has been demonstrated against SHA-256. No collision has ever been found, and the best known attacks offer only marginal improvements over brute force. The algorithm is considered secure by NIST, and it underpins not only Bitcoin but also TLS/SSL certificates, code signing, and countless other security systems. Even quantum computers, using Grover's algorithm, would only reduce the effective security from 256 bits to 128 bits for pre-image attacks, which remains well beyond reach.

What is the SHA-256 hash of an empty string?

The SHA-256 hash of an empty string (zero-length input) is: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. This is a well-known constant used by developers to verify that their SHA-256 implementation is correct. You can confirm this by clearing the input field in the tool above.

How fast is SHA-256?

On modern CPUs, SHA-256 can process roughly 500 MB/s in software. With hardware acceleration (Intel SHA Extensions or ARM Cryptography Extensions), throughput can exceed 2 GB/s on a single core. Bitcoin ASIC miners are purpose-built for SHA-256 and achieve terahashes per second per chip, but these devices can only compute the specific double SHA-256 used in mining, not general-purpose hashing.

Why does Bitcoin use SHA-256 instead of SHA-3?

Bitcoin was created in 2008, and SHA-256 (published 2001) was the most widely studied and trusted hash function at the time. SHA-3 was not standardized until 2015. SHA-256 has a strong security record with no practical vulnerabilities found in over two decades of analysis. Changing Bitcoin's core hash function would require a consensus hard fork, and there is no compelling reason to do so given SHA-256's continued security.