# SHA-256 (Secure Hash Algorithm 256-bit)

SHA-256 is part of the SHA-2 family of cryptographic hash functions, standardized by NIST in 2001. It transforms any input into a fixed 256‑bit (32‑byte) digest that supports data integrity checks and authentication. SHA-256 is used by the U.S. government and widely deployed in security applications and protocols.

---

## Key Properties

- **Deterministic:**  
  Same input always yields the same output.
  
- **One-Way:**  
  Reversing the hash to recover the original input is computationally infeasible.
  
- **Collision-Resistant:**  
  It is extremely difficult to find two distinct inputs that produce the same hash.

---

## How It Works

1. **Preprocessing:**  
   - **Padding and Parsing:** The input message is padded to a multiple of 512 bits and split into 512‑bit blocks.
   
2. **Processing:**  
   - **Rounds of Transformations:** Each block goes through 64 rounds of operations involving bitwise functions (e.g., XOR, shifts, rotations) and modular additions.
   
3. **Digest Calculation:**  
   - **State Update:** An internal state is updated with each block, and after processing all blocks, the final 256‑bit digest is produced.

> **Note:** You typically use a cryptographic library for SHA-256 instead of implementing it by hand.

---

## Communication Flow Example

```text
Bob                         Alice                        Eve
---                         -----                        ---
File F
  | -- Compute SHA-256 -->   Digest H
                            Compare with her own computed H
                            If match → file integrity confirmed
```

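*Eve may alter the file in transit, but she cannot produce a different file with the same hash, so Alice's recomputed digest will not match H and the tampering will be detected. This holds only if H itself reaches Alice over a channel Eve cannot modify.*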
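The check Alice performs in the flow above, written out as an added example that is not part of the original page. The helper names `sha256_file`, `verify_file` and `demo`, the file name and the file contents are assumptions made for illustration, and the published digest is assumed to come from a source Eve cannot modify.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 64 * 1024  # read in 64 KiB pieces so large files never sit fully in memory


def sha256_file(path):
    """Return the SHA-256 hex digest of the file at `path`, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path, expected_hex):
    """Return True only if the file's digest equals the published digest."""
    expected = expected_hex.strip().lower()
    # Reject truncated or malformed digests instead of silently comparing them.
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("expected a 64-character hexadecimal SHA-256 digest")
    return hmac.compare_digest(sha256_file(path), expected)


def demo():
    """Bob publishes F and H; Alice checks the copy she received (constructed data)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "F.bin")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"release build 1.0\n" * 10000)  # constructed sample file
        published = sha256_file(path)  # H, as computed by Bob
        intact = verify_file(path, published)
        with open(path, "r+b") as f:  # Eve changes a single byte in transit
            f.seek(5)
            f.write(b"X")
        tampered = verify_file(path, published)
    return intact, tampered


if __name__ == "__main__":
    print(demo())
```
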

---

## Parameters

- **Input:**  
  Any-length message (text, binary, etc.)

- **Output:**  
  A 256‑bit digest (commonly displayed as 64 hexadecimal characters)

---

## Security Considerations

- **Current Security:**  
  SHA-256 remains secure and is widely trusted for integrity verification.
  
- **Use Cases:**  
  - Data integrity checks
  - Digital signatures
  - Blockchain and cryptocurrency applications
  - TLS/HTTPS

- **Not for Password Hashing:**  
  Use dedicated algorithms like bcrypt, scrypt, or Argon2 for password hashing.

---

## Real-World Applications

- **Blockchain:**  
  Underpins cryptocurrencies like Bitcoin.
  
- **Web Security:**  
  Used in TLS/HTTPS and certificate authentication.
  
- **Digital Signatures:**  
  Forms part of schemes such as RSA-PSS, ECDSA, and EdDSA.
  
- **File Integrity Verification:**  
  Used as a checksum to verify that files have not been altered.

---

For implementation, always rely on reputable cryptographic libraries to ensure robustness.

```python
import hashlib

# --- Hash a simple message ---
message = b"hello world"
digest = hashlib.sha256(message).hexdigest()

print("Message:", message)
print("SHA-256 digest:", digest)

# --- Same input → same output ---
digest2 = hashlib.sha256(message).hexdigest()
print("Repeat hash same?:", digest == digest2)

# --- Different message ---
message2 = b"hello World"
digest3 = hashlib.sha256(message2).hexdigest()
print("Different input digest:", digest3)
```

Output:

```text
Message: b'hello world'
SHA-256 digest: b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
Repeat hash same?: True
Different input digest: db4067cec62c58bf8b2f8982071e77c082da9e00924bf3631f3b024fa54e7d7e
```
