Wrong SHA-256 for files bigger then 512 MB about crypto-js HOT 6 CLOSED

You're right. Hash functions like SHA and MD5 append the message length in bits 
to the end of the message. By definition, that length is a 64-bit number. But 
several JS implementations, including CryptoJS, counted using only a 32-bit 
number. That decision was partly for simplicity, partly because it was hard to 
imagine using JavaScript to hash 512 MB or more. Nonetheless, it's a flaw, and 
I'll have it corrected.

My colegue found a solution. Change the line 135 of the sha256.js file from:

dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;

to:

dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 
4294967296);
dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal & 0xFFFFFFFF;

(Sorry I don't have the diff file...)

Yes, that's definitely an improvement. JavaScript numbers are 64-bit floating 
point (aka double), so we get 53-bits before we start losing precision. Your 
colleague increased possible message lengths from 32 to 53-bits. I'll also look 
into a fix to get the full 64-bits.

I think I'm seeing this issue for SHA1 and MD5. 53bits doesn't sound to shabby. 
Not sure anyone wants to hash more than a petabyte in js anytime soon. I 
definitely don't need the full two exabytes ;-)

Latest release includes your colleague's solution.

Great! Many thanks!