HS256 is the most widely used signing algorithm in the JWT ecosystem.
If you've ever generated a JWT using a library such as jsonwebtoken, jose, or an authentication provider, there's a good chance you've already used HS256.
It is simple, fast, and easy to implement, making it an excellent choice for many applications.
However, HS256 is also frequently misunderstood. Many JWT vulnerabilities are not caused by weaknesses in the algorithm itself, but by poor secret management and incorrect implementation.
This chapter explains how HS256 works, when it should be used, and when another algorithm may be a better choice.
The name HS256 can be broken into two parts.
More formally:
HS256 = HMAC-SHA256
HS256 uses a shared secret to both sign and verify JWTs.
This makes it a symmetric signing algorithm.
With symmetric cryptography, both parties use the same secret key.
Shared Secret
│
┌────────┴────────┐
▼ ▼
Sign Verify
The server signs the JWT using the secret.
Later, the same secret is used to verify the signature.