SHA-256 is the hash function that powers Bitcoin. You've already seen what a hash function does — now let's look at SHA-256 specifically: why Satoshi chose it, how it processes data internally, and why it's still considered secure while older algorithms like MD5 and SHA-1 have been broken.
Try it: SHA-256 in action
Type anything below and watch the SHA-256 digest update in real time. Notice that the output is always exactly 64 hex characters — that's 256 bits — regardless of whether you type one word or a whole paragraph.
Type anything — the digest updates live. Change one character to see the avalanche effect.
SHA-256 · 256 bits · 64 hex
1
Change any character in the text2
Tap «Long input» below3
Look at the blocks — they are linkedBLOCK DATA — try changing any character:
SHA-256 HASH (64 chars = 256 bits):
Web Crypto unavailable (use HTTPS or a modern browser)
TRY SAMPLE STRINGS — click to load:
↑ each sample demonstrates a different hash property
…
Why SHA-256 and not MD5 or SHA-1?
Not all hash functions are created equal. MD5 and SHA-1 were once the industry standard — until researchers found ways to create collisions (two different inputs with the same hash). Once a hash function is broken, it cannot be used to secure financial history. Satoshi chose SHA-256 because it was the strongest standardised option available in 2008, and it remains unbroken today.
Click each point to see why it matters for blockchain ▶
1992 → broken
MD5
1995 → broken
SHA-1
2001 → Bitcoin (2009)
SHA-256
✓ Still secure
2012 → Ethereum
Keccak-256
How SHA-256 processes data internally
You don't need to implement SHA-256 yourself — you'll always use an audited library. But understanding the processing model helps you reason about performance and protocol choices: why inputs are padded, why processing happens in 512-bit blocks, and where that 256-bit output comes from.
How SHA-256 turns any input into a 256-bit digest ▶
📥
Input
any length (bytes)
→
📐
Pad
append 1-bit + length → multiple of 512 bits
→
✂️
Split
into 512-bit blocks
→
🔁
Compress
64 rounds per block, mix 8 state words
→
📤
Output
256-bit (64 hex chars) digest
SHA-256 vs Keccak-256: choosing the right algorithm
SHA-256 and Keccak-256 are both secure — they're just used in different blockchains
| Aspect | SHA-256 | Keccak-256 |
|---|---|---|
| Internal design | Merkle-Damgård construction | Sponge construction (different family) |
| Output size | 256 bits (32 bytes) | 256 bits (32 bytes) |
| Standardised as | SHA-2 family (FIPS 180-4) | SHA-3 family — but Ethereum uses pre-standard padding |
| Used in | Bitcoin: PoW, Merkle root, double-SHA256d | Ethereum: address derivation, storage slots, events |
| Status | No known practical attack | No known practical attack |
| Speed | Fast; hardware acceleration (SHA-NI) | Fast; slightly different performance profile |
SHA-256 in code
Click any line to see the explanation ▼
python
1
import hashlib
▼
2
# Standard SHA-256:
3
digest = hashlib.sha256(b'Hello Bitcoin').hexdigest()
▼
4
print(digest) # 64 hex characters, always
5
6
# Double SHA-256 (SHA-256d) — used in Bitcoin:
▼
7
inner = hashlib.sha256(b'Hello Bitcoin').digest() # raw bytes, not hex
▼
8
sha256d = hashlib.sha256(inner).hexdigest()
▼
9
10
# Keccak-256 — used in Ethereum (NOT standard SHA-3):
▼
11
from Crypto.Hash import keccak # pip install pycryptodome
▼
12
k = keccak.new(digest_bits=256)
▼
13
k.update(b'Hello Ethereum')
▼
14
print(k.hexdigest()) # Different from SHA-256 of same input
▼
⚠️Protocol specificity: never use 'hash' as a generic term in blockchain code. Always name the exact function: SHA-256d for Bitcoin block headers, Keccak-256 for Ethereum addresses. Using the wrong function produces a completely different digest with no error — it silently breaks compatibility with the rest of the network.