SHA-384 Hash Generator

Generate SHA-384 hash from any text

Input Text

Runs locally · Safe to paste secrets

SHA-384 Hash

SHA-384 hash will appear here…

Also try:MD5 Hash Generator SHA-1 Hash Generator SHA-256 Hash Generator SHA-512 Hash Generator HMAC Generator Hash Identifier

What Is SHA-384 Hashing?

SHA-384 is a cryptographic hash function defined in NIST FIPS 180-4 as part of the SHA-2 family. It accepts an input of arbitrary length and produces a fixed 384-bit (48-byte) message digest, typically displayed as a 96-character hexadecimal string. SHA-384 is widely used in TLS cipher suites, digital certificate signatures, and government systems that require a higher collision-resistance margin than SHA-256 provides.

Internally, SHA-384 is a truncated variant of SHA-512. It uses the same 1024-bit block size, 80 compression rounds, and 64-bit word arithmetic as SHA-512, but starts with a different set of initial hash values (derived from the 9th through 16th primes) and outputs only the first 384 bits of the final state. This truncation means SHA-384 produces a different digest from SHA-512 for identical inputs, despite sharing the same core algorithm.

Because SHA-384 operates on 64-bit words, it runs faster than SHA-256 on modern 64-bit processors while delivering a larger digest. This makes it a practical middle ground: stronger than SHA-256 (192-bit collision resistance vs. 128-bit) without the storage overhead of SHA-512's 128-character hex output. SHA-384 is the default hash for TLS 1.3 certificate verify signatures and is required by NSA Suite B (now CNSA) for TOP SECRET data.

Why Use an Online SHA-384 Generator?

Generating SHA-384 hashes typically requires a terminal command or writing code. This browser-based tool lets you compute SHA-384 digests instantly without installing anything or sending data to a server. Whether you need to generate an SRI hash for a CDN asset, verify a file checksum, or compare SHA-384 output against SHA-256 for the same input, this tool gives you an immediate, dependency-free way to work with SHA-384 digests in any modern browser.

⚡

Instant browser computation

Paste text and get a 96-character SHA-384 hash immediately. The Web Crypto API handles the computation natively in your browser with no external dependencies.

🔒

Privacy-first hashing

Your input never leaves your device. All hashing runs locally via the Web Crypto API — no server requests, no logging, no data retention.

📋

Copy-ready output formats

Switch between lowercase and uppercase hex output with one click. Copy the hash to your clipboard for use in checksum files, configuration, or documentation.

🔍

No account or installation

Works in any modern browser — Chrome, Firefox, Safari, Edge. No sign-up, no extension, no CLI setup required.

SHA-384 Hash Generator Use Cases

TLS Certificate Verification

TLS 1.2 and 1.3 use SHA-384 in certificate signature verification and the PRF (pseudorandom function). Compute SHA-384 digests to validate certificate fingerprints against expected values during security audits.

Subresource Integrity (SRI)

Generate SHA-384 hashes for JavaScript and CSS files loaded from CDNs. The integrity attribute in script and link tags uses Base64-encoded SHA-384 by default in most SRI generators.

Government and Compliance Systems

CNSA (formerly NSA Suite B) mandates SHA-384 for protecting classified information. Generate hashes to verify document integrity in compliance workflows that require FIPS 180-4 algorithms.

File Integrity Checking

Compute SHA-384 checksums for firmware images, software releases, or configuration files. Compare the hash before and after transfer to detect corruption or tampering.

HMAC-SHA384 Key Derivation

SHA-384 pairs with HMAC for message authentication in protocols like IPsec and TLS. Use this tool to verify expected hash outputs when debugging HMAC-SHA384 implementations.

Academic Cryptography Exercises

Students studying the SHA-2 family can compare SHA-384 output against SHA-256 and SHA-512 for the same input to observe how different initial vectors and truncation produce distinct digests.

SHA-2 Family Variant Comparison

SHA-384 belongs to the SHA-2 family alongside several other variants. The table below shows how they differ in digest size, output length, and typical applications.

Variant	Digest	Hex Length	Bytes	Best For
SHA-384	384 bits	96 hex chars	48 bytes	TLS 1.2/1.3, government/CNSA, certificate signatures
SHA-256	256 bits	64 hex chars	32 bytes	TLS, blockchain, code signing, JWTs, SRI
SHA-512	512 bits	128 hex chars	64 bytes	Digital signatures, HMAC with large keys
SHA-224	224 bits	56 hex chars	28 bytes	Truncated SHA-256 — rare, specific compliance
SHA-512/256	256 bits	64 hex chars	32 bytes	SHA-512 speed on 64-bit CPUs, 256-bit output

SHA-384 vs SHA-256 vs SHA-512 vs SHA-3-384

Choosing between SHA-384 and other hash algorithms depends on your security requirements, platform constraints, and performance needs. This comparison covers the most relevant properties.

Property	SHA-384	SHA-256	SHA-512	SHA-3-384
Digest size	384 bits (96 hex)	256 bits (64 hex)	512 bits (128 hex)	384 bits (96 hex)
Internal state	512 bits (8x64-bit)	256 bits (8x32-bit)	512 bits (8x64-bit)	1600 bits (sponge)
Block size	1024 bits	512 bits	1024 bits	832 bits
Rounds	80	64	80	24
Word size	64 bits	32 bits	64 bits	N/A (sponge)
Length extension	Resistant	Vulnerable	Vulnerable	Resistant
64-bit performance	Fast (native ops)	Slower (32-bit ops)	Fast (native ops)	Moderate
Standard	FIPS 180-4	FIPS 180-4	FIPS 180-4	FIPS 202
Web Crypto API	Yes	Yes	Yes	No

How SHA-384 Works Internally

SHA-384 processes input through the same Merkle–Damgård construction as SHA-512. The input is padded to a multiple of 1024 bits, split into blocks, and each block is processed through 80 rounds of mixing using Ch, Maj, and two Sigma functions with 64-bit word arithmetic. The key difference from SHA-512 is the initial hash values: SHA-384 uses values derived from the fractional parts of the square roots of the 9th through 16th primes, while SHA-512 uses the first 8 primes. After all blocks are processed, SHA-384 truncates the 512-bit internal state to its first 384 bits.

Input: "hello world"
SHA-384: fdbd8e75a67f29f701a4e040385e2e23986303ea10239211af907fcbb83578b3e417cb71ce646efd0819dd8c088de1bd
(384 bits = 48 bytes = 96 hex characters)

The truncation and different initialization mean SHA-384 and SHA-512 always produce different digests for the same input. This also makes SHA-384 inherently resistant to length-extension attacks, unlike SHA-256 and SHA-512 where an attacker can append data and compute a valid hash without knowing the original message.

SHA-384 Code Examples

SHA-384 is supported natively in all major languages and runtimes. Below are working examples you can copy directly into your projects.

JavaScript (Web Crypto API)

// Works in all modern browsers and Node.js 18+
async function sha384(text) {
  const data = new TextEncoder().encode(text)
  const hashBuffer = await crypto.subtle.digest('SHA-384', data)
  const hashArray = Array.from(new Uint8Array(hashBuffer))
  return hashArray.map(b => b.toString(16).padStart(2, '0')).join('')
}

await sha384('hello world')
// → "fdbd8e75a67f29f701a4e040385e2e23986303ea10239211af907fcbb83578b3e417cb71ce646efd0819dd8c088de1bd"

// Node.js (built-in crypto module)
const crypto = require('crypto')
crypto.createHash('sha384').update('hello world').digest('hex')
// → "fdbd8e75a67f29f701a4e040385e2e23986303ea10239211af907fcbb83578b3e417cb71ce646efd0819dd8c088de1bd"

Python

import hashlib

# Basic SHA-384 hash
result = hashlib.sha384(b'hello world').hexdigest()
print(result)
# → "fdbd8e75a67f29f701a4e040385e2e23986303ea10239211af907fcbb83578b3e417cb71ce646efd0819dd8c088de1bd"

# Hash a string with Unicode characters
text = 'café ☕'
hashlib.sha384(text.encode('utf-8')).hexdigest()
# → 96-character hex string

# Hash a file in chunks (memory-efficient)
with open('release.tar.gz', 'rb') as f:
    sha = hashlib.sha384()
    for chunk in iter(lambda: f.read(8192), b''):
        sha.update(chunk)
    print(sha.hexdigest())

package main

import (
    "crypto/sha512"
    "fmt"
)

func main() {
    data := []byte("hello world")
    // SHA-384 lives in the crypto/sha512 package
    hash := sha512.Sum384(data)
    fmt.Printf("%x\n", hash)
    // → fdbd8e75a67f29f701a4e040385e2e23986303ea10239211af907fcbb83578b3e417cb71ce646efd0819dd8c088de1bd
}

CLI (Linux / macOS)

# Using sha384sum (Linux)
echo -n "hello world" | sha384sum
# → fdbd8e75a67f29f701a4e040385e2e23...  -

# macOS
echo -n "hello world" | shasum -a 384
# → fdbd8e75a67f29f701a4e040385e2e23...  -

# Using openssl (cross-platform)
echo -n "hello world" | openssl dgst -sha384
# → SHA2-384(stdin)= fdbd8e75a67f29f701a4e040385e2e23986303ea...

# Verify a file checksum
sha384sum myfile.bin > checksum.txt
sha384sum -c checksum.txt
# → myfile.bin: OK

Frequently Asked Questions

What is the difference between SHA-384 and SHA-512?

SHA-384 and SHA-512 use the same compression function, block size (1024 bits), and number of rounds (80). They differ in two ways: SHA-384 starts with different initial hash values (derived from primes 9–16 instead of 1–8), and it outputs only the first 384 bits of the 512-bit internal state. This means they always produce different digests for the same input.

Is SHA-384 more secure than SHA-256?

SHA-384 provides 192 bits of collision resistance compared to SHA-256's 128 bits, based on the birthday attack bound of half the digest length. For preimage resistance, SHA-384 offers 384 bits vs. 256 bits. In practice, both are considered secure for current threat models, but SHA-384 provides a larger safety margin for long-term data protection and is required by some government standards.

Why does TLS use SHA-384 instead of SHA-512?

TLS cipher suites like TLS_AES_256_GCM_SHA384 use SHA-384 because it provides sufficient collision resistance (192 bits) while keeping digest sizes manageable. SHA-512's 128-character hex output adds overhead in handshake messages and certificate chains without a proportional security benefit for TLS's use case. SHA-384 also aligns with the 192-bit security level targeted by AES-256.

How is SHA-384 used in Subresource Integrity (SRI)?

SRI tags in HTML use the format integrity="sha384-{base64hash}" to verify that scripts and stylesheets fetched from CDNs have not been modified. The browser computes the SHA-384 hash of the downloaded file and compares it to the expected value. If they do not match, the resource is blocked. SHA-384 is the most commonly used algorithm for SRI because it balances security and digest size.

Can SHA-384 be reversed to recover the original input?

No. SHA-384 is a one-way function by design. It has 384 bits of preimage resistance, meaning there is no known method to recover the input from a SHA-384 digest faster than brute-force search over 2^384 possibilities. However, short or predictable inputs (like common passwords) can be found using precomputed rainbow tables or dictionary attacks, which is why passwords should be hashed with dedicated algorithms like bcrypt or Argon2.

Is SHA-384 supported in the Web Crypto API?

Yes. All modern browsers implement SHA-384 through crypto.subtle.digest('SHA-384', data). This is the same API used by this tool. It is also available in Node.js 18+ and Deno. The Web Crypto API returns an ArrayBuffer that you convert to a hex string by mapping each byte to its two-character hexadecimal representation.

When should I use SHA-384 instead of SHA-256?

Use SHA-384 when your security policy requires more than 128 bits of collision resistance, when you need compliance with CNSA/Suite B for classified data, or when you are already using AES-256 and want a matching 192-bit security level. SHA-384 also runs faster than SHA-256 on 64-bit processors because it uses native 64-bit word operations. For most web applications and general-purpose hashing, SHA-256 remains the standard choice.