KeyChest Blog

What is the SHA-256 fingerprint?

Jun 14, 2019 1:42:08 PM / by Dan

It is a digital fingerprint we use to compare two documents or to check if a document has been changed.

 

It has a fixed length of 64 bytes (or characters, if you want), which encode 256 bits, each bit is either 0 or 1. Once calculated, it is unique for the data or file for which it has been created. While it is relatively short, it is practically impossible to compute any other document, which would have the same fingerprint.

The main properties of digital fingerprints, including SHA-256 are:

  1. It’s short - it is always 256 bits regardless of whether the original data is 100 bytes or 100 terabytes.
  2. It’s impossible to compute a different data which would have the same fingerprint.
  3. It’s impossible to compute the original data from the fingerprint.

What it DOES NOT do - it doesn’t necessarily protect against discovering the original data, if the original data comes from a sufficiently small set. Attackers can simply try all possible data values and find a match. Let's take ZIP codes as an example. There are less than 100,000 5-digit zip codes in the USA and 1,000,000,000 zip+4 codes. It's trivial for your laptop to calculated SHA-256 fingerprints of all of them and compare them to the one fingerprint you want to "reverse". This approach is used to create "rainbow tables" - fingerprint tables of all possible values - used to crack our passwords.

From practical point of view:

  • - It DOES “hide” the original data (with the caveat above).
  • - It simplifies data search - it can speed up database queries when they are done with fingerprints, rather than the data itself.
  • - It is fast to calculate.
  • - If it’s too long for you, you can use only part of the fingerprint and it still works (too much detail possibly, but beware of the birthday paradox if you don’t want to end up with collisions - Birthday problem - Wikipedia).

The name also denotes the function used to calculated it (SHA-256), which is one of the family of functions called SHA-2 and which includes SHA-224, SHA-256, SHA-384 and SHA-512, where the number indicates the size of the fingerprints.

Tags: identity, quora, password

Dan

Written by Dan