Reputation: 9476
Is there a limit on the message size for SHA-256?
When hashing a string, like a password, with SHA-256, is there a limit to the length of the string I am hashing? For example, is it only "safe" to hash strings that are smaller than 64 characters?
Upvotes: 59
Views: 46749
Answers (4)
Reputation: 113
So funny ya'll talk here about "File Size". While the question was amount of "Characters".
for example:
- A password will not be 2.3 exabytes. The reason for setting maximum length, possibility of a denial of service attack.
- Someone could feed exabytes into an password field, pushing your server CPU or memory to it's limits, which would impact traffic a lot.
So to answer this question, I would say:
"No there's no real limit for hashing, you could put millions of characters inside"
Although: "There's A maximum amount of characters we set for a password field"
So we can prevent these denial of service attacks.
Upvotes: 0
Reputation: 5636
The upper limit is given in the NIST Standard FIPS 180-4. The reason for the upper limit is the padding scheme to countermeasure against the MOV attack that Merkle-Damgard construction's artifact. The message length l is lastly appended to the message during padding.
Then append the 64-bit block that is equal to the number
lexpressed using a binary representation
Therefore by the NIST standard, the maximum file size can be hashed with SHA-256 is 2^64-1 in bits ( approx 2.305 exabytes - that is close to the lower range of the estimated NSA's data center in UTAH, so you don't need to worry).
NIST enables the hash of the size zero message. Therefore the message length starts from 0 to 2^64-1.
If you need to hash files larger than 2^64-1 then either use SHA-512 which has 2^128-1 limit or use SHA3 which has no limit.
Upvotes: 3
Reputation: 490573
There is technically a limit, but it's quite large. The padding scheme used for SHA-256 requires that the size of the input (in bits) be expressed as a 64-bit number. Therefore, the maximum size is (264-1)/8 bytes ~= 2'091'752 terabytes.
That renders the limit almost entirely theoretical, not practical.
Most people don't have the storage for nearly that much data anyway, but even if they did, processing it all serially to produce a single hash would take an amount of time most would consider prohibitive.
A quick back-of-the-envelope kind of calculation indicates that even with the fastest enterprise SSDs currently1 listed on Tom's hardware, and striping them 16 wide to improve bandwidth, just reading that quantity of data would still take about 220 years.
1. As of April 2016.
Upvotes: 93
Reputation: 60962
There is no such limit, other than the maximum message size of 264-1 bits. SHA2 is frequently used to generate hashes for executables, which tend to be much larger than a few dozen bytes.
Upvotes: 7
Related Questions
- How large of a String does Sha256 produce?
- What is the maximum number of SHA-1 hashes?
- SHA-256 does bit append still required if input is already N x 512 bit?
- Why is the maximum message size of the SHA-1 hash function (2^64) - 1 bits?
- Is there a size limit of email message I can put in through "Create draft email" web API (Screen CO409010)?
- What is the RabbitMQ message max size can stored?
- Will a SHA256 hash always have 64 characters?
- SHA256: Padding a 512 bits length message
- is there a maximum android.os.Message.obj size?
- maximum size of email message