SHA-256

SHA-256 belongs to the SHA-2 family of cryptographic hashes. It produces the 256 bit digest of a message.

>>> from Crypto.Hash import SHA256
>>>
>>> h = SHA256.new()
>>> h.update(b'Hello')
>>> print h.hexdigest()

SHA stands for Secure Hash Algorithm.

Warning

SHA-256 is vulnerable to length-extension attacks, which are relevant if you are computing the hash of a secret message.

For instance, let’s say you were planning to build a cheap MAC by concatenating a secret key to a public message m (bad idea!):

\[h = \text{SHA-256}(m || k)\]

By only knowing the digest h and the length of m and k, the attacker can easily compute a second digest h’:

\[h' = \text{SHA-256}(m || p || z)\]

where p is a well-known bit string and the attacker can pick a bit string z at will.