Python SHA-256 Hash Generator
Generate SHA-256 hashes and verify them against your Python hashlib output. Paste text to hash it instantly, then use the Python code examples for strings, files, and HMAC. All hashing runs in your browser via Web Crypto API.
Hash Generator
Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes using the Web Crypto API.
How to generate SHA-256 hashes in Python
Python's hashlib module provides SHA-256: import hashlib; hash = hashlib.sha256(b'Hello World').hexdigest(). For strings, encode first: hashlib.sha256('Hello World'.encode('utf-8')).hexdigest(). For large files, read in chunks: h = hashlib.sha256(); with open('file', 'rb') as f: for chunk in iter(lambda: f.read(8192), b''): h.update(chunk); print(h.hexdigest()). The update() method lets you hash data incrementally without loading everything into memory.
# Python — generate SHA-256 hash
import hashlib
# Hash a string
text = "Hello, World!"
hash_hex = hashlib.sha256(text.encode("utf-8")).hexdigest()
print(hash_hex)
# "dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f"
# Hash a file
def file_sha256(filepath):
sha256 = hashlib.sha256()
with open(filepath, "rb") as f:
for chunk in iter(lambda: f.read(8192), b""):
sha256.update(chunk)
return sha256.hexdigest()
print(file_sha256("document.pdf"))Python HMAC-SHA256 for API authentication
Many APIs (AWS, Stripe webhooks, GitHub) use HMAC-SHA256 for request signing: import hmac; signature = hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest(). To verify a webhook: expected = hmac.new(key, payload, hashlib.sha256).hexdigest(); if hmac.compare_digest(expected, received_signature): # Valid. Always use hmac.compare_digest() instead of == to prevent timing attacks. For AWS Signature V4, Python's boto3 handles HMAC signing automatically.
SHA-256 for password hashing in Python
While SHA-256 is a secure hash, do NOT use plain SHA-256 for passwords — it is too fast and vulnerable to brute force. Use purpose-built password hashing: import bcrypt; hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()). Or use hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100000) which uses SHA-256 internally with key stretching. For new projects, argon2-cffi is the recommended choice. Use this tool to generate SHA-256 hashes for checksums, data integrity, and non-password applications.
Frequently Asked Questions
How do I generate a SHA-256 hash of a file in Python?
Read the file in binary chunks: h = hashlib.sha256(); with open('file.bin', 'rb') as f: for chunk in iter(lambda: f.read(8192), b''): h.update(chunk); print(h.hexdigest()). This handles files of any size without loading them entirely into memory.
Is hashlib.sha256() safe for passwords?
No. Plain SHA-256 is too fast for password hashing, making it vulnerable to brute-force attacks. Use bcrypt, scrypt, or argon2 instead — they are intentionally slow and include salt. hashlib.pbkdf2_hmac('sha256', ...) with 100,000+ iterations is also acceptable.
How do I verify an HMAC-SHA256 signature in Python?
Use hmac.compare_digest(): expected = hmac.new(secret_bytes, message_bytes, hashlib.sha256).hexdigest(); is_valid = hmac.compare_digest(expected, received_sig). Never use == for signature comparison — it is vulnerable to timing attacks.
Related Generate Tools
HTML Table Generator
Build HTML tables visually with an interactive editor — add rows, columns, header rows, captions, and styling. Export as plain HTML, inline CSS, or Tailwind classes
CSS Clip-path Generator
Create CSS clip-path shapes visually — circle, ellipse, inset, or polygon with draggable points. 13 shape presets, interactive preview, and production-ready CSS output
CSS Filter Generator
Build CSS filter effects visually — blur, brightness, contrast, grayscale, hue-rotate, invert, opacity, saturate, sepia, and drop-shadow with 12 presets and live preview
UUID Generator
Generate random UUID v4 identifiers in bulk