SHA-384 Hash Generator
What is SHA-384?
SHA-384 is a member of the SHA-2 family, standardised by NIST in FIPS 180-4. It produces a 384-bit (96 hex character) digest. Internally, SHA-384 runs the same algorithm as SHA-512 but uses different initialisation constants and truncates the 512-bit output to 384 bits.
This truncation provides a practical security benefit: it eliminates length-extension attacks without needing to apply the hash twice (as Bitcoin does with SHA-256d).
Where SHA-384 is used
- TLS 1.3 — the
TLS_AES_256_GCM_SHA384cipher suite uses SHA-384 as its HMAC primitive - ECDSA-with-SHA384 — used in certificates that pair P-384 elliptic curve keys with SHA-384 signatures
- Subresource Integrity (SRI) — browsers support
integrity="sha384-…"attributes on<script>and<link>tags to verify CDN-loaded assets haven't been tampered with - High-assurance systems — government and financial systems that require security margins beyond SHA-256
How SHA-384 Works
SHA-384 shares its core engine with SHA-512. The key differences from SHA-256 are:
| Property | SHA-256 | SHA-384 |
|---|---|---|
| Word size | 32-bit | 64-bit |
| Block size | 512-bit | 1024-bit |
| Rounds | 64 | 80 |
| State size | 256-bit | 512-bit (truncated to 384) |
| Init constants | √ of primes 1–8 | Different constants (9th–16th primes) |
64-bit words mean each round mixes more bits at once, and the 1024-bit block size processes larger chunks per compression step. The 80-round schedule uses σ functions operating on 64-bit values, making the algorithm both more complex and more efficient on 64-bit CPUs than SHA-256.
The 384-bit output is simply the first 384 bits (6 of the 8 final 64-bit state words). Discarding 128 bits of the internal state is what prevents length-extension attacks.
SHA Hash Comparison
| Algorithm | Output | Security | Common Uses |
|---|---|---|---|
| SHA-1 | 160-bit / 40 chars | ❌ Deprecated | Legacy systems, Git (legacy) |
| SHA-256 | 256-bit / 64 chars | ✅ Current standard | TLS, JWT, Bitcoin, passwords |
| SHA-384 (this tool) | 384-bit / 96 chars | ✅ High security | TLS 1.3 cipher suites |
| SHA-512 | 512-bit / 128 chars | ✅ Highest in SHA-2 | High-security signatures |
Frequently Asked Questions
Is SHA-384 faster or slower than SHA-256?
On 64-bit hardware, SHA-384 is often faster than SHA-256 for large inputs because it processes 1024-bit blocks vs 512-bit blocks — fewer compression calls for the same data. SHA-256 uses 32-bit words and is faster on 32-bit systems.
Is SHA-384 more secure than SHA-256?
For practical purposes, both are secure against all known attacks. SHA-384's larger output provides a higher security margin (192-bit collision resistance vs 128-bit for SHA-256), which matters for long-term archiving and high-value signing keys.
What is Subresource Integrity (SRI) and how does SHA-384 relate?
SRI lets you add integrity="sha384-<base64hash>" to a <script> or <link> tag. The browser verifies the fetched file matches the hash before executing it, protecting against CDN compromise. SHA-384 is the most commonly recommended algorithm for SRI because it balances security and output size.
Can I reverse a SHA-384 hash?
No. Like all SHA-2 variants, SHA-384 is a one-way function. No feasible algorithm exists to recover the original input.
