Skip to content
Tech News
← Back to articles

We broke 92% of SHA-256 – you should start to migrate from it

2026-03-27 | original
read original get SHA-256 Hardware Wallet → more articles
Why This Matters

Recent cryptographic research has successfully broken 92% of SHA-256's security, indicating that the hash function is nearing vulnerability to collision attacks. This development underscores the urgent need for the industry to migrate to more secure hash algorithms to protect data integrity and security. As SHA-256's resilience diminishes, staying ahead with updated cryptographic standards becomes critical for both industry and consumers.

Key Takeaways

We broke 92% of SHA-256

Illustration of the many uses of SHA-256 in the security industry We broke 92% of SHA-256 Full 64 rounds, 43/48 schedule compliance. Robert Viragh1

State of Utopia

March 27, 2026 1 Email the author at: [email protected]

Sponsor

Abstract We broke 92% of SHA-256 across all 64 rounds. This is an unprecedented achievement across a new metric. We wrote a paper about it which was very well-received by leading cryptographers. What this means in practice is that SHA-256 can be expected to fall to collision attacks very soon. We recommend migrating to different hash families. Below, we present the complete write-up and all necessary files to reproduce our results. We separate the research writeup from this presentation to make it easy to link to the files, since links in PDF's are difficult to follow from a browser and in order to make this presentation easier to read quickly. The text below is different from the linked PDF.

Keywords SHA-256, differential cryptography, collision attack, semi-free-start, message schedule, SAT solving, precomputation, gap placement

Our full article

1. Introduction Secure hash functions are used to make a short version of a large file. Ideally, it has several properties including making it infeasible to find two files with the same cryptographic hash. We've just gotten 92% of the way there. This has security ramifications in that other researchers are expected to be able to complete the work through similar methods as explored in the paper. We weren't sure if this was a remarkable result, since it's not a full collision, but we shared the work with the leading cryptographer in the field, who holds the world records in reduced-round attacks, and got great encouragement to proceed to publish it as a paper, so we did so.

2. Methodology The main approach we used was complex analytical reasoning (i.e. new theorems) combined with low-level C programming. By creating new theorems we were able to uncover new relations and find the rest through a simple search taking minutes. Although our work was hard to produce, it was easy to extend. After starting with the sr=57 finding, we were able to extend it to sr=59 through a gap insertion, and solve the rest in minutes using a solver.

... continue reading

Explore topics: sha-256 collision attack cryptography sat solving hash families
Related:
Google Sets 2029 Deadline for Quantum-Safe Cryptography
Google bumps up Q Day estimate to 2029, far sooner than previously thought
Google’s future-proofing Android 17 against tomorrow’s quantum hackers
You Are Not Your Job
You are not your job

© 2026 GoKawiil

About | Editorial Policy | Contact