SHA-256

SHA-256 is a cryptographic hash function that takes any input and produces a fixed 256-bit (64-character) output, used to verify data integrity. It is one-way, meaning you cannot reverse the hash back into the original data.

Verified for the 2027 AP Cybersecurity exam. Last updated June 2026.

What is SHA-256?

SHA-256 stands for Secure Hash Algorithm with a 256-bit output. It's a cryptographic hash function, which means it takes any input (a file, a password, a whole movie) and spits out a fixed-length string of 256 bits, written as 64 hexadecimal characters. Change one tiny thing in the input and the output looks completely different.

Here's the part that trips people up: SHA-256 is not encryption. Encryption is two-way (you encrypt, then decrypt back to the original). Hashing is one-way. There's no "un-hash" button. You can't take the 256-bit output and work backward to recover the file. That one-way property is exactly why it's useful for checking whether data has been tampered with. You hash the original, you hash it again later, and if the two hashes match, the data is unchanged.
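The integrity check described above, as an added example that is not part of the original study guide. It uses Python's standard `hashlib`; the function names and the sample "file" contents are constructed for illustration.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # read in 64 KiB blocks so large files never sit fully in memory


def sha256_stream(stream, chunk_size=CHUNK):
    """Return the 64-hex-character SHA-256 digest of a binary stream."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        h.update(block)
    return h.hexdigest()


def verify(stream, expected_hex):
    """True when the stream's digest matches the digest recorded earlier."""
    actual = sha256_stream(stream)
    # compare_digest does not reveal where the first mismatch occurs
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def differing_bits(a, b):
    """Count how many of the 256 output bits differ between two inputs."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


# Constructed sample data standing in for a stored or downloaded file.
ORIGINAL = b"release-1.0 installer contents\n" * 1000
TAMPERED = ORIGINAL[:-2] + b"X\n"  # same length, one byte changed


def demo():
    recorded = sha256_stream(io.BytesIO(ORIGINAL))  # hash taken when the file was trusted
    return {
        "digest_len": len(recorded),                         # always 64 hex chars
        "short_len": len(hashlib.sha256(b"a").hexdigest()),  # same for a 1-byte input
        "original_ok": verify(io.BytesIO(ORIGINAL), recorded),
        "tampered_ok": verify(io.BytesIO(TAMPERED), recorded),
        "bits_changed": differing_bits(ORIGINAL, TAMPERED),  # roughly half of 256
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

For a real file, pass `open(path, "rb")` to `verify` in place of the in-memory stream.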

Why SHA-256 matters in AP Cybersecurity

SHA-256 lives in Unit 5: Securing Applications and Data, under topic 5.3 (Protecting Stored Data with Cryptography). It supports learning objective AP Cybersecurity 5.3.A, which is about using cryptography to protect files. While EK 5.3.A.1 frames cryptography as hiding information through encryption and decryption, hash functions like SHA-256 serve the partner goal of integrity, proving data hasn't been altered. Cryptography on the exam isn't just about secrecy; it's also about trust, and SHA-256 is the tool that lets you trust a file is what it claims to be.

How SHA-256 connects across the course

Cryptographic hash functions (Unit 5)

SHA-256 is just one specific cryptographic hash function. Understand the general category first (one-way, fixed output, tamper-detection), and SHA-256 becomes the concrete example you can name on the exam.

Collision resistance (Unit 5)

A good hash function should make it nearly impossible to find two different inputs that produce the same output. SHA-256 is considered collision-resistant, which is precisely why it replaced older functions that broke.

MD5 and SHA-1 (Unit 5)

These are older hash functions that are now broken because researchers found collisions. SHA-256 is the secure upgrade you reach for instead, so knowing the failures of MD5 and SHA-1 explains why SHA-256 exists.

AES (Unit 5)

AES and SHA-256 sound similar but do opposite jobs. AES is reversible encryption for hiding data; SHA-256 is a one-way hash for verifying data. Pairing them helps you keep the secrecy-versus-integrity distinction straight.

Is SHA-256 on the AP Cybersecurity exam?

Expect SHA-256 to show up in multiple-choice questions that test whether you know the difference between hashing and encryption. A classic trap stem describes "protecting a password" or "verifying a download" and asks you to pick the right tool; if the goal is checking that data hasn't changed, the answer points to a hash like SHA-256, not AES. You should be able to state that SHA-256 produces a fixed 256-bit output, is one-way, and is used for integrity. No released FRQ uses the term verbatim, but a cryptography prompt under 5.3 could ask you to justify when to use a hash versus an encryption algorithm, so be ready to explain the purpose, not just the name.

SHA-256 vs AES

AES is symmetric encryption: it's two-way, uses a key, and you can decrypt the ciphertext back to the original plaintext. SHA-256 is a hash: it's one-way, uses no key, and you can never recover the input. AES hides data so others can't read it; SHA-256 fingerprints data so you can tell if it changed.

Key things to remember about SHA-256

  • SHA-256 is a cryptographic hash function that turns any input into a fixed 256-bit (64 hex character) output.

  • SHA-256 is one-way, so you cannot reverse the hash to recover the original data, which is the opposite of encryption.

  • Its main job is integrity: hash a file twice, and matching hashes prove the data was not altered.

  • SHA-256 is collision-resistant, meaning it's extremely hard to find two inputs with the same hash, unlike the broken MD5 and SHA-1.

  • On the exam, choose SHA-256 (a hash) for verifying data and AES (encryption) for hiding data.

Frequently asked questions about SHA-256

What is SHA-256 in AP Cybersecurity?

SHA-256 is a cryptographic hash function in Unit 5 that takes any input and produces a fixed 256-bit output, used to verify that data has not been changed. It's a one-way function, so the original input can't be recovered from the hash.

Is SHA-256 encryption?

No. Encryption is two-way and lets you decrypt back to the original; SHA-256 is one-way hashing with no decrypt step. SHA-256 checks integrity (did the data change?), while encryption like AES provides secrecy (can others read it?).

How is SHA-256 different from AES?

AES is symmetric encryption that uses a key and can be reversed with decryption. SHA-256 is a keyless hash function that can never be reversed. Use AES to hide data and SHA-256 to verify it.

Why use SHA-256 instead of MD5 or SHA-1?

MD5 and SHA-1 are considered broken because researchers found collisions, meaning two different inputs that hash to the same value. SHA-256 is collision-resistant and produces a larger 256-bit output, making it the secure replacement.

Can you reverse a SHA-256 hash to get the original data?

No, that's the whole point of a hash being one-way. There is no decrypt button for SHA-256; you can only hash a new input and compare it to an existing hash to check if they match.
