SHA-256

SHA-256 belongs to the SHA-2 family of cryptographic hashes. It produces the 256 bit digest of a message.

>>> from Crypto.Hash import SHA256
>>>
>>> h = SHA256.new()
>>> h.update(b'Hello')
>>> print h.hexdigest()

SHA stands for Secure Hash Algorithm.

Warning

SHA-256 is vulnerable to length-extension attacks, which are relevant if you are computing the hash of a secret message.

For instance, let’s say you were planning to build a cheap MAC by concatenating a secret key to a public message m (bad idea!):

\[h = \text{SHA-256}(m || k)\]

By only knowing the digest h and the length of m and k, the attacker can easily compute a second digest h’:

\[h' = \text{SHA-256}(m || p || z)\]

where p is a well-known bit string and the attacker can pick a bit string z at will.

class Crypto.Hash.SHA256.SHA256Hash(data=None)

A SHA-256 hash object. Do not instantiate directly. Use the new() function.

Variables:

  • oid (string) – ASN.1 Object ID

  • block_size (integer) – the size in bytes of the internal message block, input to the compression function

  • digest_size (integer) – the size in bytes of the resulting hash

copy()

Return a copy (“clone”) of the hash object.

The copy will have the same internal state as the original hash object. This can be used to efficiently compute the digests of strings that share a common initial substring.

Returns:

A hash object of the same type

digest()

Return the binary (non-printable) digest of the message that has been hashed so far.

Returns:

The hash digest, computed over the data processed so far. Binary form.

Return type:

byte string

hexdigest()

Return the printable digest of the message that has been hashed so far.

Returns:

The hash digest, computed over the data processed so far. Hexadecimal encoded.

Return type:

string

new(data=None)

Create a fresh SHA-256 hash object.

update(data)

Continue hashing of a message by consuming the next chunk of data.

Parameters:

data (byte string/byte array/memoryview) – The next chunk of the message being hashed.

Crypto.Hash.SHA256.new(data=None)

Create a new hash object.

Parameters:

data (byte string/byte array/memoryview) – Optional. The very first chunk of the message to hash. It is equivalent to an early call to SHA256Hash.update().

Return:

A SHA256Hash hash object