YoSin Tools

SHA512/256 Hash Generator

Compute SHA-512/256 hashes online. Uses the fast 64-bit SHA-512 core with a 256-bit output — typically 30–50% faster than SHA-256 on 64-bit hardware. Supports all input encodings and HMAC.

Input
Output
Share Link
Settings
Hash

Related Hash Tools

SHA512/224224-bit variant SHA512Full 512-bit SHA256SHA-256 core SHA512/256 FileHash from file SHA384384-bit SHA-2

Frequently Asked Questions

What is SHA-512/256?
SHA-512/256 uses the SHA-512 computation engine with different initialization constants and truncates the output to 256 bits (64 hex characters). Defined in FIPS 180-4, it is independent of SHA-256 — same output length, different algorithm, different digests for the same input.
Is SHA-512/256 faster than SHA-256?
On 64-bit CPUs, yes — typically 30–50% faster. 64-bit processors execute SHA-512's 64-bit word operations natively. SHA-256 uses 32-bit words, requiring more operations per byte on 64-bit hardware. On 32-bit systems the advantage reverses.
SHA-512/256 vs SHA-256 — same output length, different values?
Correct. Both produce 64-character hex strings (256 bits), but they are different algorithms. SHA-512/256 uses a different IV and the SHA-512 core. SHA-256 uses its own IV and core. For the same input, SHA-512/256 and SHA-256 will produce completely different digests.
Which systems support SHA-512/256?
OpenSSL supports it via EVP_sha512_256() and openssl dgst -sha512-256. Java 9+ supports it as SHA-512/256. Python's hashlib supports it as hashlib.new('sha512_256'). PostgreSQL uses it internally for some operations. TLS and most web protocols use SHA-256 instead.

About SHA512/256 Hash Generator

SHA-512/256 is a truncated variant of SHA-512, defined in FIPS 180-4 alongside SHA-512/224. It computes the SHA-512 algorithm with a unique initialization vector derived from the string "SHA-512/256" using the IV generation function, then truncates the 512-bit output to 256 bits. The result is a 256-bit (64 hex character) digest that is independent of both SHA-256 and SHA-512 outputs.

Performance on 64-bit Hardware

The primary advantage of SHA-512/256 over SHA-256 is throughput on 64-bit hardware. Modern processors natively execute 64-bit arithmetic in single operations. SHA-512 uses eight 64-bit state variables processed in 80 rounds, while SHA-256 uses eight 32-bit variables in 64 rounds. On a typical x86-64 server, SHA-512/256 hashes data at approximately 1.3–1.7× the speed of SHA-256, while producing the same 256-bit output length.

Security Properties

SHA-512/256 provides 256 bits of preimage resistance and 128 bits of collision resistance — identical to SHA-256. No practical attacks against SHA-512/256 are known. The different initialization vector compared to SHA-512 means that SHA-512/256 is a domain-separated hash: even if a weakness were found in SHA-512, it would not automatically apply to SHA-512/256, and vice versa. This property makes it slightly more conservative than simple SHA-512 truncation.

Practical Adoption

Despite its performance advantages, SHA-512/256 has limited adoption in standard protocols. TLS, JWT, S/MIME, and most software package formats specify SHA-256 or SHA-512. SHA-512/256 is used internally by some database systems and is supported by cryptographic libraries. If you are choosing a hash function for a new system and need 256-bit output with maximum throughput on 64-bit servers, SHA-512/256 is worth considering. Otherwise SHA-256 offers better library and protocol compatibility.

Difference from SHA-512 Truncation

A naive approach to getting 256 bits from SHA-512 would be to take the first 32 bytes of a SHA-512 digest. SHA-512/256 is better: it uses a different IV, ensuring that the output is not recoverable from SHA-512 output and that the two algorithms are computationally independent. This domain separation is a deliberate security property specified in FIPS 180-4.