Have you ever wondered if the owner of a website can see your password? The chance that this is possible is very small. A password is saved in the database immediately after entering it. It is first converted to a hash. This is a kind of secret code that prevents you from seeing the contents. Handy for passwords, because this ensures that others (such as a hacker) cannot do anything with the passwords when they see the hash in the database.
Hashes are so secure because they only work one way. This means that you can convert information to a hash, but you cannot convert the hash back to the content. There are several hashing algorithms, of which SHA-256 is one. Among other things, the Bitcoin (BTC) uses the SHA-256 hashing protocol. Let’s take a look at what SHA-256 is, how SHA-256 works and what the algorithm is used for.
What is SHA-256? #
SHA-256 is a hashing algorithm that belongs to the SHA family. SHA, which stands for Secure Hash Algorithm, takes care of the encryption of information. This encryption is done according to a predetermined algorithm that is not known to anyone. This ensures that no one can reverse a hash back to its original content. It is only possible to convert information to a hash.
With SHA-256 you can create a hash that consists of 256 bits. For this, the text must be below 264 bits. Only then is it possible to keep the hash value random.
What is hashing used for? #
Because the input determines what the output (the hash) looks like, one can check whether the contents are equal to each other. This is especially useful for passwords, for example. Many databases convert passwords to a SHA-256 hash before storing them in the database. For example, people who have access to the database cannot see passwords. They only see the hash, which cannot be reversed. When someone enters his or her password, it is converted to the hash. An application then checks whether the hash of the entered password matches the hash of the password stored (in the database).
Hashing is also used as an integrity verification tool to ensure that data has not been altered in transit. Suppose you send an e-mail to someone, you can have it converted to a hash. Upon receipt, it is checked whether the hash of the received e-mail is equal to the hash of the sent e-mail. Isn’t that the case? Then someone modified the email along the way. When only one bit is changed, the hash looks completely different.
The SHA family #
SHA-256 is part of the SHA family. There are several hashing algorithms that fall under SHA:
- SHA-1;
- SHA-224;
- SHA-384;
- SHA-512;
- SHA-512/224;
- SHA-512/256;
- SHA3-224;
- SHA3-256;
- SHA3-384;
- SHA3-512.
SHA-256 was invented in 2001 by the National Security Agency (NSA) as a new variant of SHA-1. That was necessary, because SHA-1 became less secure and has since been broken. Each algorithm in the above list works in a slightly different way. It’s hard to say exactly what the difference is. The publisher of a hashing algorithm will never tell you exactly how an algorithm works. Then everyone could reverse the results.
The main difference is that SHA-256 results in a 256-bit string. Despite the fact that many new variants have been released after SHA-256, SHA-256 is still seen as the most secure and most user-friendly algorithm in the SHA family.
What is SHA-256 used for? #
You can use a hashing algorithm for different things. Yet we see that certain hashing algorithms are often used for specific functions. For example, one algorithm is used more often for password encryption than the other. In recent years, SHA-256 has become increasingly common.
Passwords #
SHA-256 is commonly used for hashing passwords. We have already explained how this works earlier in this article. A password is first converted to a SHA-256 hash before being stored in the database. For example, the password is protected from anyone who has access to the database.
SSL handshake #
SSL handshakes are also performed with SHA-256. An SSL handshake is the contact between the web server and browser. When a website has an SSL certificate (and https:// is in front of the URL), a secure connection to the website can be set up. This connection is set up using cryptography (encryption of data) and hashing (for which SHA-256 is used).
Integrity Verification #
SHA-256 checks whether data still looks the same when received as when it was sent, without having to look at the content. When the hash has changed between sending and receiving, it means the content has been tampered with.
Digital signature verification #
Digital signatures (also known as digital signatures) use an asymmetric encryption method to verify the integrity of a file. The private key and public key are used to create these digital signatures. This may sound familiar, because that’s how cryptocurrency security works. SHA-256 is used here.
SHA-256: Bitcoin (BTC) hashing algorithm #
Bitcoin uses SHA-256 as its hashing algorithm. Within the blockchain it is used for mining. Within the Bitcoin blockchain, it is the miners who control transactions and create blocks. They do this by providing computing power: the miners guess as many outcomes (hashes) as possible, until their hash is equal to the correct answer (also a hash).
Guessing hash results #
The hash rate is the number of combinations that a miner can guess per second. Often, the better the hardware, the higher the hash rate. Bitcoin would like each block to be ‘guessed’ in approximately the same amount of time. Now, Bitcoin’s network has grown considerably in recent years, which also means an increase in computing power. This would mean that the hash rate increases and blocks can be added faster. That’s not good, because the faster blocks are added, the more vulnerable the blockchain will be to outside attacks. There are therefore several reasons why the network can adjust the hash rate, as you can read in this article.
It is important to remember that the hash therefore contains all transactions within a block. An answer is already ready, which has also been converted to a hash. The SHA-256 hashing algorithm is used for this. So the computers have to try to match a lot of different SHA-256 with the actual solution. Can a miner do that? Then he can add his block to the blockchain and the miner receives a reward.
A chain of blocks #
In addition, SHA-256 creates a chain of blocks. Before a block is added to the blockchain, the hash of the previous block is added to the new block. After this, the new block is converted to a hash. This happens continuously for each block that is added. This creates a chain of blocks. We call this the blockchain.
When someone tries to change the contents of a block (for example, trying to give themselves more crypto), the hash of the block will change. This causes a break in the chain. All nodes in the Bitcoin network know that this version of the blockchain is incorrect and will therefore not adopt this version.
The pros and cons of SHA-256 #
Below you can see the main advantages and disadvantages of the SHA-256 hashing algorithm.
Pros #
- SHA-256 can only be used in one direction. You can convert input to a hash, but it is impossible to convert a SHA-256 back to the contents of the hash.
- The SHA-256 hashing algorithm is regarded by many large organizations (including NIST) as the most secure and most useful hashing protocol in the world.
- Many governments (including the United States and Australia) use SHA-256, which makes the hashing algorithm reliable.
- SHA-256 is not vulnerable to pre-image and second-pre-image attacks (we’ll spare you the technical details of these attacks).
- Generating hashes with SHA-256 is quite fast.
Cons #
We are not sure whether SHA-256 will always remain an unbreakable (and therefore safe) hashing algorithm. Should more powerful computers ever be developed, they could break the SHA-256 protocol (but we don’t know for sure).
How secure is SHA-256? #
SHA-256 is an extremely secure hashing algorithm. In fact, SHA-256 is considered one of the most secure hashing protocols in the world. The algorithm has never been broken to date and there are three different reasons why SHA-256 is so secure.
The first reason is that no one has yet managed to convert a hash back to its contents. Whenever possible, we say the algorithm is ‘broken’. A broken algorithm is not safe, and should never be used again. MD5 is a well-known algorithm that is not safe, but is (still) used very often. SHA-256 is therefore also protected against brute-force attacks.
The second reason is that a ‘collision’ is almost impossible. This is what we call an event where the hashes of two inputs are the same. There are 2^256 (more than the number of atoms in our universe) different possibilities for the hashes. The chance that a computer guesses a hash ‘by chance’ is therefore virtually impossible.
The third and final reason why SHA-256 is so secure is that a small change will result in a completely different hash. If you only change one bit, the result of the hash will look completely different.
Conclusion #
SHA-256 is one of many hashing algorithms you can use to encrypt data. Although it has been around since 2001, it is still considered one of the most secure hashing protocols. It is therefore not surprising that Bitcoin uses the SHA-256 hashing algorithm. SHA-256 is everyone for encrypting passwords, setting up an SSL connection, checking the integrity of files and verifying digital signatures.
Within the Bitcoin blockchain, SHA-256 is used for mining. Miners provide computing power and try to guess the hash. Did they find the right hash? Then they receive a mining reward. Also used is SHA-256 for creating a chain of blocks; the blockchain. Before adding a new block, the hash of the previous block is placed in the new block. Should anyone want to change the history of the blockchain, a breach will occur in the blockchain. All nodes will immediately notice this and see this version of the blockchain as untrustworthy.