SHA-256 is a cryptographic hashing algorithm used to encrypt and store sensitive data sent over the internet. Almost all modern websites store users passwords not in plaintext but as a hash of the actual password. The advantage then being that if a hacker gained access to their database, they would not be able to view the users passwords. While this usage seems small, Bitcoin and many other cryptocurrencies rely on this hashing algorithm in almost every aspect of their respective blockchains. Not only that but these cryptocurrencies are also currently valued at hundreds of millions of dollars. With that amount of money tied to a single hashing algorithm it makes one wonder, just how secure or "hard to break" is it?
What is a Hashing Function?
A hash function is simply a function that takes an input value and creates or outputs a value deterministic only of the input value. That is to say that for any
x input value, you will always receive the same
y output or hash value. In this way, every input has a single determined output. Here is an example of an
md5('Hello Andrew') = 9634d00a8b91d275201dcea8f8523a82
The single most important aspect of any hashing function is that they are generally irreversible or "one-way". This means you can’t figure out the input if you only know the output or "hash". That is unless of course you brute-force by trying every possible input. The SHA-256 algorithm takes an input value and returns a unique 256-bit (32-byte) signature for the input. That means for any given input there are 2256 possible outputs.
How Big is 2256 Exactly?
The chances of guessing the input of a SHA-256 hash is 1 in over 115 quattuorvigintillion (that’s a 78 digit number). Or more technically...
1 in 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
This number is bigger than the number of atoms in the perceivable universe. And not by just a little bit either. In fact it still exponentially bigger! This number is so big that the human mind literally can’t even begin to comprehend how big it is. Your financial and cryptographic transactions are secure because of how big this is. Only a fool would attempt to brute force this many possible combinations.
Again the chances of guessing the input to a SHA-256 hash is so big that it can't be overstated enough. If you're still not convinced or having trouble visualizing these chances then watch this well done video that attempts to help you perceive this number.