- hash sha-256 probability
- Updated Sat, 21 May 2022 11:25:57 GMT

In theory, there are infinite inputs, that you can hash with SHA-256. So theoretically it would be possible that one hash string would read `0xaaaaaaaa...`

But would that also be possible practically, or do the algorithms check that this is not happening?

First of all, the output of SHA-256 is binary and consists of 32 bytes (256 denotes the output size in bits). What you are talking about is apparently the hexadecimal encoding of these bytes.

The possibility that you are talking about is called (1st) pre-image resistance (Wikipedia):

Given a hash value $h$, it should be difficult to find any message $m$ such that $h = \text{H}(m)$.

("difficult" is a non-technical term here, generally we use "computationally infeasible", obviously there will be messages that map to any hash value, the difficulty is finding them for a one-way hash)

No, the algorithms do not check this explicitly, because the algorithm by itself needs to be resistant against it. Furthermore, the repetition of certain bits is not that special all by itself. It would be unclear what you would need to test for.

"But would that also be possible practically" well, no, unless SHA-2 gets broken. Generally it is **collision resistance** that gets broken first. That means finding a hash where $\text{H}(m) = \text{H}(m')$ for any $m$ and $m'$. This is easier to attack because an attacker can try and find weaknesses in the algorithm that create an internal collision while controlling both $m$ and $m'$. SHA-256 is still considered secure in this regard.

- +9 – Note that bitcoin mining is about finding hashes that start with a certain pattern (zero valued bits if I remember correctly). The miners perform a huge amount of hashes to find one that matches; they cannot find a hash that has one specific value. Once found it is easy to verify that the input data creates the hash pattern of course. This is called the "proof of work" as finding one by accident within an assigned block of input data (just a range of numbers) is exceedingly unlikely. — Apr 29, 2021 at 13:41
- +5 – @MaartenBodewes: bitcoin mining searches for a hash that treated as a 256-bit unsigned number is less than 'target' = 2^224/difficulty where difficulty is a floating-point number computed periodically by an adaptive algorithm to try to keep the average block time near 10 minutes. Having 256-ceil(log2(target)) leading 0 bits is necessary but not sufficient. — Apr 30, 2021 at 01:28
- +2 – Yeah, OK, there are some leading zero's in that most significant bit ;) — Apr 30, 2021 at 07:02
- +0 – While I agree with the general gist, I most certainly isn't obvious that there will be messages that map to any value. It's not even necessarily true. It is not known whether SHA 256 is onto and it's certainly possible it isn't. — May 01, 2021 at 19:38
- +0 – I think you mean "every value". Just like with hobbs answer and the comment below, I don't think that should influence my answer at all. Note that with the structure of SHA-256 and the not-quite-infinite-but-still-very-large input space, I would expect many messages to map to each SHA-256 value - even though we only find / use a very small % of the output space. — May 03, 2021 at 07:41