Trillions of calls per day — across your phone, your browser, and the infrastructure behind both.
Use case 1 — Trillions/day
Every TLS/SSL certificate uses SHA-256. Every time you see the lock icon in your browser, SHA-256 verifies the certificate is authentic and untampered. Let's Encrypt alone issues 10+ million certificates per day — all SHA-256.
Use case 2 — Billions of devices
Every time your phone connects to a cell tower, HMAC-SHA-256 derives the encryption keys securing your call and data. It's the mandatory key derivation function in both 4G LTE and 5G networks (3GPP standard).
Sources
3GPP TS 33.401 (LTE); 3GPP TS 33.501 (5G)
Use case 3 — ~600 EH/s
Bitcoin uses double-SHA-256 for block hashing, transaction verification, and proof-of-work mining. The "double" part? Likely a defense against the length extension attack — a weakness BLAKE3 doesn't have. The entire network performs ~600 exahashes per second of SHA-256.
Sources
Bitcoin whitepaper (Nakamoto, 2008); mempool.space (live hashrate)
Use case 4 — Every deploy
Every Docker image is identified by its SHA-256 digest — an immutable fingerprint for each layer. Linux package managers (apt, dpkg) verify packages with SHA-256 checksums. Apple's App Store uses it to verify every app download. Git is migrating from SHA-1 to SHA-256.
Sources
Use case 5 — Billions of messages
iMessage uses HMAC-SHA-256 for message authentication and key derivation. The Signal Protocol — powering both Signal and WhatsApp — uses SHA-256 in its key derivation chain. Your encrypted chats depend on it.
Use case 6 — Every API call
AWS Signature Version 4 signs every API request with SHA-256 — every S3 upload, every Lambda invocation, every DynamoDB query. Google Cloud and Azure use similar SHA-256-based authentication for service accounts.
Source
Use case 7 — Every 30 seconds
Authenticator apps generate 6-digit TOTP codes using HMAC-SHA-1 by default (RFC 6238), though newer systems increasingly support HMAC-SHA-256. Every 30 seconds, your phone computes a new hash-based code. Microsoft Entra ID, Google, and most enterprise 2FA systems support both.
Sources
Use case 8 — Every login
SHA-256 alone is too fast for password hashing — so PBKDF2 iterates it thousands of times to slow attackers down. WPA2 WiFi uses PBKDF2-SHA-1, while macOS FileVault and many enterprise login systems use PBKDF2-SHA-256. SHA-256 wasn't designed for this — the workaround is the point.
Sources
Use case 9 — Every email sent
DKIM signs outgoing emails with SHA-256 so recipients can verify the sender. Code signing certificates for macOS, Windows, and Android all use SHA-256. Most modern signed PDFs and verified app updates use SHA-256.
Sources
RFC 6376 (DKIM); RFC 8301 (SHA-1 deprecation for DKIM)
Use case 10 — Every download
Software distributors provide SHA-256 checksums for downloads. macOS Gatekeeper and Windows Authenticode verify executables with SHA-256. Backup systems use it for deduplication and corruption detection. But you must download the entire file before you can verify — BLAKE3's tree structure lets you verify chunks as they arrive.
Source
The takeaway
They need a fast, collision-resistant hash. BLAKE3 qualifies, and it's faster in software on every device without dedicated hardware.
Why it still dominates
SHA-256 has survived 25 years of the most intense cryptanalysis any hash function has ever faced — with zero practical breaks. It's NIST-standardized, FIPS-certified, and required by regulation in government, finance, and healthcare. Every modern phone and laptop has dedicated SHA-256 hardware instructions. For new projects without compliance requirements, BLAKE3 is the stronger choice. For everything else, SHA-256 isn't going anywhere — and that's not a failure.