How Generador de Hash SHA-384 Works
The Secure Hash Algorithm 384 (SHA-384) is a truncated version of the more powerful SHA-512. Defined in FIPS PUB 180-4, it provides a 384-bit (48-byte) message digest. It is frequently chosen for its "Sweet Spot" in security—providing significantly more bits than SHA-256 while offering high performance on 64-bit architectures.
The SHA-384 engine utilizes a high-performance 64-bit architecture:
- Bitwise Padding: The input is padded with a
1bit and zeros until it is 128 bits short of a multiple of 1024. The original message length is then appended. - State Initialization: Eight 64-bit registers (a through h) are initialized with unique constant values derived from the fractional parts of the square roots of the ninth through sixteenth prime numbers.
- Message Schedule Creation: Every 1024-bit block is expanded into a schedule of eighty 64-bit words using recursive rotations and shifts.
- The 80 Rounds: The core engine executes 80 rounds of processing, mixing the internal variables with the message words and constant values.
- Final Truncation: After all blocks are processed, the eight 64-bit variables are concatenated, but the final 128 bits are omitted to produce the final 384-bit hash.
- Hexadecimal Output: The resulting digest is a 96-character string.
The History of SHA-384 and High-Security Standards
SHA-384 was published by the NSA and NIST in 2001 as part of the SHA-2 family. It was specifically designed for "Suite B" cryptographic standards, which required a 384-bit security level for Top Secret government information.
Today, SHA-384 is a primary choice for TLS 1.2 and 1.3 Cipher Suites and is used in the creation of Digital Certificates that require a higher level of trust than the standard SHA-256.
Technical Comparison: SHA-384 vs. SHA-512 vs. SHA-256
Understanding bit-depth and CPU optimization is key for selecting the correct hash function.
| Feature | SHA-384 (Truncated) | SHA-512 (Full) | SHA-256 (32-bit) |
|---|---|---|---|
| Bit Depth | 384 Bits | 512 Bits | 256 Bits |
| Word Size | 64-bit | 64-bit | 32-bit |
| Output Length | 96 Hex Characters | 128 Hex Characters | 64 Hex Characters |
| Resists Length-Ext? | Yes | No | No |
| Security Level | High (Suite B) | Very High | Standard |
By using a dedicated SHA-384 Generator, you ensure your application meets FIPS 180-4 standards, providing robust protection against all known mathematical attacks.
Security Considerations: Length-Extension and Privacy
One of the primary technical reasons to use SHA-384 over SHA-512 is its inherent resistance to certain attacks:
- Length-Extension Resistance: Because SHA-384 is a truncated version of SHA-512, an attacker cannot "append" data to a hash to guess the secret (a vulnerability in full SHA-512 and SHA-256).
- Quantum Resistance: While Quantum Computers threaten many algorithms, SHA-384's large bit-depth provides a significant safety margin against future brute-force capabilities.
- Client-Side Privacy: To maintain absolute Data Privacy, the entire hashing process happens locally in your browser. Your private keys, code, and data logs never leave your machine.
- Data Integrity: Use SHA-384 for Subresource Integrity (SRI) to ensure that your external JavaScript files haven't been compromised.