Why SHA256 hashes finish with " = "?

Asked 5/6, 2015 at 12:31 Answered 5/6, 2015 at 12:41

I've made a Webservice which returns a security Token after a successful authentification.

However when debugging I noticed that every hash the webservice returned finishes with "=" such as:

"tINH0JxmryvB6pRkEii1iBYP7FRedDqIEs0Ppbw83oc="
"INv7q72C1HvIixY1qmt5tNASFBEc0PnXRSb780Y5aeI="
"QkM8Kog8TtCczysDmKu6ZOjwwYlcR2biiUzxkb3uBio="
"6eNuCU6RBkwKMmVV6Mhm0Q0ehJ8Qo5SqcGm3LIl62uQ="
"dAPKN8aHl5tgKpmx9vNoYvXfAdF+76G4S+L+ep+TzU="
"O5qQNLEjmmgCIB0TOsNOPCHiquq8ALbHHLcWvWhMuI="
"N9ERYp+i7yhEblAjaKaS3qf9uvMja0odC7ERYllHCI="
"wsBTpxyNLVLbJEbMttFdSfOwv6W9rXba4GGodVVxgo="
"sr+nF83THUjYcjzRVQbnDFUQVTkuZOZYe3D3bmF1D8="
"9EosvgyYOG5a136S54HVmmebwiBJJ8a3qGVWD878j5k="
"8ORZmAXZ4dlWeaMOsyxAFphwKh9SeimwBzf8eYqTis="
"gVepn2Up5rjVplJUvDHtgIeaBL+X6TPzm2j9O2JTDFI="

Why such a behavior ?

Avery answered 5/6, 2015 at 12:31 Comment(6)

The SHA key is an integer, here this is probably a base64 encoding of the key. Since the key is 256 bits wide, or 32 bytes, it will be encoded as roughly 4/3 * 32 ~= 43 characters. – Inexpiable 5/6, 2015 at 12:35

Why are they only 44 characters long? What base are you encoding them in? – Jaggy 5/6, 2015 at 12:37

@Jaggy The answer is just above. – Inexpiable 5/6, 2015 at 12:39

That's strange; when I encode my SHA256 outputs in base64, they are always 64 characters long. – Jaggy 5/6, 2015 at 12:40

@Jaggy Then either it's not sha256, either it's not base64 : for example, a sha512 key will be 64 bytes wide, but that would be around 85 characters in base64. A sha384 key would indeed be encoded as 64 characters in base64. Look here for the variants of SHA – Inexpiable 5/6, 2015 at 12:41

@Avery I edited to show the string length, and now I have a question : there are strings of 44 characters, and strings of 43. Are you sure you copied them correctly? – Inexpiable 6/6, 2015 at 7:56

This is because you don't see the raw bytes of the hash but rather the Base64 encoding.

Base64-encoding converts a block of 3 bytes to a block of four characters. This works well if the number of bytes is divisible by 3. If it is not, then you use a padding-character so the number of resulting characters is still divisible by 4.

So:

(no of bytes)%3 = 0  => no padding needed
(no of bytes)%3 = 1  => pad with ==
(no of bytes)%3 = 2  => pad with =

A SHA256-hash is 256 bit, that's 32 bytes. So you will get 40 characters for the first 30 bytes, 3 characters for the last 2 bytes and the padding will always be one =.

Aviary answered 5/6, 2015 at 12:41 Comment(1)

I agree with the answer, of course, but I can't explain why the strings in the question are not all the same length. Maybe a mistake of the OP? – Inexpiable 6/6, 2015 at 7:53

These strings are encoded using base64, = characters are used as paddings, to make the last block of a base64 string contains four characters.

The following Ruby code could be used to get base64 decoded string:

require 'base64'

s = "tINH0JxmryvB6pRkEii1iBYP7FRedDqIEs0Ppbw83oc="
puts Base64.decode64(s).bytes.map{|e| '%02x' % e}.join

Output: b48347d09c66af2bc1ea94641228b588160fec545e743a8812cd0fa5bc3cde87

Conqueror answered 5/6, 2015 at 12:36 Comment(0)

Recommended topics

Hot tags