HMAC-SHA384 for Balanced Security

Discover HMAC-SHA384 as a balanced alternative between HMAC-SHA256 and HMAC-SHA512. Learn its truncated output design and compliance advantages for government use.

Algorithm Comparison

Detailed Explanation

HMAC-SHA384: The Middle Ground

HMAC-SHA384 uses SHA-384 as the underlying hash function to produce a 384-bit (48-byte) authentication code, typically represented as a 96-character hexadecimal string. SHA-384 is actually a truncated version of SHA-512 with different initial values, meaning it inherits SHA-512's performance characteristics on 64-bit systems.

How SHA-384 Relates to SHA-512

SHA-384 is not a separate algorithm from SHA-512 — it uses the same internal structure (1024-bit blocks, 80 rounds, 64-bit words) but differs in two ways:

  1. Different initial hash values: SHA-384 starts with a different set of eight 64-bit constants, derived from the 9th through 16th primes
  2. Truncated output: The final 512-bit result is truncated to 384 bits by discarding the last 128 bits

This design means SHA-384 runs at the same speed as SHA-512 on identical hardware. The truncation provides no performance benefit — it only reduces output length.
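The properties above can be checked with Python's standard library. This is an added example, not code from the original page. It rebuilds HMAC-SHA384 from the RFC 2104 construction using the 128-byte block size, verifies the 48-byte tag in constant time, and shows that slicing a SHA-512 digest does not yield SHA-384, because the initial values differ. The key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 128  # bytes: SHA-384 shares SHA-512's 1024-bit block
TAG_SIZE = 48     # bytes: 384-bit output, 96 hex characters

# Constructed sample values, for illustration only.
SAMPLE_KEY = b"constructed-demo-key-not-for-production"
SAMPLE_MSG = b"amount=100&to=alice"


def hmac_sha384_manual(key: bytes, msg: bytes) -> bytes:
    """HMAC as defined in RFC 2104, built directly on hashlib.sha384."""
    if len(key) > BLOCK_SIZE:               # keys longer than one block are hashed first
        key = hashlib.sha384(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")    # then zero-padded to the 128-byte block
    inner = hashlib.sha384(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.sha384(bytes(b ^ 0x5C for b in key) + inner).digest()


def make_tag(key: bytes, msg: bytes) -> str:
    """Hex-encoded HMAC-SHA384 tag from the standard library."""
    return hmac.new(key, msg, hashlib.sha384).hexdigest()


def verify_tag(key: bytes, msg: bytes, received_hex: str) -> bool:
    """Accept only a full-length tag, compared in constant time."""
    try:
        received = bytes.fromhex(received_hex)
    except ValueError:
        return False
    if len(received) != TAG_SIZE:           # refuse shortened tags
        return False
    expected = hmac.new(key, msg, hashlib.sha384).digest()
    return hmac.compare_digest(expected, received)


def sliced_sha512_equals_sha384(data: bytes) -> bool:
    """Compare the first 48 bytes of SHA-512(data) with SHA-384(data).

    The different initial hash values make these differ."""
    return hashlib.sha512(data).digest()[:TAG_SIZE] == hashlib.sha384(data).digest()


if __name__ == "__main__":
    tag = make_tag(SAMPLE_KEY, SAMPLE_MSG)
    print(len(tag), tag)
    print(verify_tag(SAMPLE_KEY, SAMPLE_MSG, tag))
    print(sliced_sha512_equals_sha384(SAMPLE_MSG))
```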

Why Choose HMAC-SHA384?

HMAC-SHA384 occupies a specific niche:

  • Compliance: NSA's Commercial National Security Algorithm (CNSA) Suite and NIST SP 800-185 reference SHA-384 for certain applications
  • TLS: TLS 1.3 cipher suites include TLS_AES_256_GCM_SHA384, which uses SHA-384 for the PRF
  • Truncation resistance: By discarding bits at the algorithm level, SHA-384 provides inherent protection against attacks that exploit full internal state exposure, such as length extension
  • JWT: The HS384 algorithm in JSON Web Tokens uses HMAC-SHA384

Performance Profile

Since SHA-384 uses the same computation as SHA-512, it performs identically to SHA-512 on 64-bit systems. How the pair compares with SHA-256 depends on the platform:

  • 64-bit x86: SHA-384 and SHA-512 are often faster than SHA-256
  • 32-bit systems: SHA-256 is significantly faster than SHA-384/512
  • ARM with crypto extensions: SHA-256 has dedicated hardware support and is fastest

When to Use HMAC-SHA384

Choose HMAC-SHA384 when compliance requirements specify it, when working with TLS 1.3 configurations, or when you want SHA-512-level computation with a shorter output. For general-purpose use without specific compliance needs, HMAC-SHA256 is usually sufficient.

Use Case

HMAC-SHA384 is used in TLS 1.3 cipher suites, government systems requiring CNSA Suite compliance, and JWT implementations using the HS384 algorithm where a balance between output length and maximum security margin is needed.
