SHA-384 Hash Generator

Free online SHA-384 Hash Generator tool. 100% local processing — your data never leaves your device.

General
Password Hashing / KDF
Specialized
Deprecated
Output

Result will be displayed here...

Input Calculate Hash

Usage Guide

About SHA-384

SHA-384 is a member of the SHA-2 family, producing a fixed 384-bit (96 hexadecimal characters) hash value. It is a truncated variant of SHA-512, using the same internal structure but with different initialization values and a shorter output. SHA-384 is widely used in SSL/TLS certificates, code signing, and government security standards (NSA Suite B).

High Security: SHA-384 offers a 192-bit collision resistance level, making it significantly stronger than SHA-256 (128-bit). It is the required hash algorithm for NSA Suite B cryptography and is commonly used in high-security TLS certificates and ECDHE-ECDSA cipher suites. Recommended for government and financial applications that require higher security margins than SHA-256.

Usage Steps

SHA-384 is a one-way hash function that can only compute hash values and cannot be reversed:

1. Input ContentPaste the text or data to be hashed in the left input box
2. Calculate HashClick the 'Calculate Hash' button to compute locally using WebAssembly
3. Copy ResultClick the 'Copy' button on the right to get the 96-character hexadecimal hash value
Privacy Protection: All calculations are performed locally in your browser, data is never uploaded to servers, completely offline processing.

SHA-384 vs SHA-256 vs SHA-512

All three are members of the SHA-2 family. Here is a comparison:

SHA-256256-bit output (64 hex chars), 128-bit collision resistance, most widely used, best balance of security and performance
SHA-384384-bit output (96 hex chars), 192-bit collision resistance, truncated SHA-512, ideal for high-security certificates
SHA-512512-bit output (128 hex chars), 256-bit collision resistance, fastest on 64-bit systems, maximum security
SHA-384 and SHA-512 share the same internal computation: SHA-384 uses different initialization values and truncates the 512-bit output to 384 bits. On 64-bit processors, both are faster than SHA-256 because they use 64-bit word operations. SHA-384 is preferable when you need more security than SHA-256 but a shorter output than SHA-512. Both are specified in NIST FIPS 180-4.

FAQ

Q: When should I choose SHA-384 over SHA-256?

A: Choose SHA-384 in the following scenarios: 1) TLS certificates requiring higher security — SHA-384 is commonly paired with ECDSA P-384 keys in Suite B compliant systems. 2) Long-term data integrity — documents or archives that need to remain secure for decades. 3) Government and financial systems — regulations may require algorithms with higher collision resistance. For most web applications, SHA-256 remains the practical choice due to shorter output and broader compatibility.

Q: Is SHA-384 just a truncated SHA-512?

A: Technically yes, but with an important difference: SHA-384 uses different initialization values (IV) than SHA-512. Both algorithms apply the same round function with 80 rounds of 64-bit operations. After computing, SHA-384 discards the last 128 bits of the 512-bit internal state, producing the 384-bit output. The different IV prevents trivially extending the SHA-384 output to a full SHA-512 hash, which provides length-extension attack resistance similar to SHA-512/t variants.

Q: Does SHA-384 have any known vulnerabilities?

A: No. As of 2025, SHA-384 has no known practical attacks. The best theoretical attack on SHA-384 reduces the preimage complexity from 2^384 to 2^385 (a marginal improvement over brute force) and applies only to a reduced-round variant. Collision resistance at the 192-bit level remains intact. SHA-384 is considered safe for all current applications, including post-quantum scenarios where 192-bit classical security translates to roughly 96-bit quantum security.

Q: Can I use SHA-384 for password hashing?

A: No. Like all SHA-2 variants, SHA-384 is designed for speed, which makes it unsuitable for password storage. Modern GPUs can compute billions of SHA-384 hashes per second, making brute-force attacks fast even with salting. For password storage, use: Argon2id (OWASP recommended), bcrypt (cost ≥ 12), or PBKDF2-SHA384 (≥ 600k iterations). These algorithms have configurable work factors to resist brute-force attacks.

Q: How does SHA-384 perform compared to SHA-256?

A: On 64-bit systems, SHA-384 is typically faster than SHA-256 per byte of output, because both SHA-384 and SHA-512 operate on 64-bit words while SHA-256 uses 32-bit words. Benchmark example on modern hardware: SHA-256 ~500 MB/s, SHA-512/SHA-384 ~700 MB/s. On 32-bit systems or constrained environments, SHA-256 is faster. For most server-side applications, the performance difference is negligible.

Use Cases

Recommended: High-Security TLS Certificates

SHA-384 is the standard hash algorithm for TLS certificates using ECDSA P-384 keys, which are required by NSA Suite B and commonly used in government, financial, and defense applications. Let's Encrypt and major CAs support SHA-384 certificates. When creating a certificate signing request (CSR) with an EC P-384 key, most tools default to SHA-384 as the signature hash.

Recommended Configuration:
  • ✅ SHA-384 + ECDSA P-384 (Suite B compliant)
  • ✅ SHA-256 + ECDSA P-256 (standard web)
  • ✅ SHA-512 (maximum security)
  • ❌ Avoid SHA-1 (deprecated)
Recommended: Long-Term Document Integrity

For documents, archives, or data that must remain verifiable for 20+ years, SHA-384 provides a larger security margin against advances in computing. While SHA-256 is currently secure, future quantum computers with Grover's algorithm would reduce its effective security to 128 bits. SHA-384 would retain 192-bit classical and ~96-bit quantum security, offering a meaningful buffer.

Recommended Configuration:
  • ✅ SHA-384 or SHA-512 (long-term archives)
  • ✅ SHA-256 (current documents, 10-year horizon)
  • ❌ Avoid SHA-1 and MD5 (already broken)
Recommended: HMAC and Signature Schemes

HMAC-SHA384 is used in high-security API authentication, JWT tokens with HS384 algorithm, and AWS Signature Version 4 with SHA-256 as baseline (some services offer SHA-384). HMAC-SHA384 provides 192-bit security, suitable for applications where the HMAC key lifetime exceeds several years.

Recommended Configuration:
  • ✅ HMAC-SHA384 (high-security APIs)
  • HMAC-SHA256 (standard APIs)
  • ✅ Ed25519 / ECDSA P-384 (asymmetric signing)
  • ❌ Avoid HMAC-MD5 or HMAC-SHA1
Not Recommended: General-Purpose Web Applications

For typical web application hashing needs (file checksums, cache keys, deduplication), SHA-256 is the better choice due to shorter output, broader library support, and nearly identical security for practical purposes. SHA-384's extra 128 bits provide no meaningful benefit when the attacker model doesn't include long-term adversaries with quantum capabilities.

Recommended Configuration:
  • SHA-256 (standard web use)
  • BLAKE3 (high-performance use)
  • 💡 SHA-384 for high-security or compliance requirements

Choosing Between SHA-2 Variants

  • SHA-256: Default choice for most applications — best balance of security, performance, and compatibility.
  • SHA-384: Use when compliance (Suite B, FIPS) or long-term security margins require stronger than SHA-256.
  • SHA-512: Maximum security, best performance on 64-bit systems for large data, longest output.
  • Never use SHA-1 or MD5 for any security-sensitive purpose.

Discussion & Feedback

0 comments
Me