Generate SRI Hash with SHA-512
Generate a Subresource Integrity hash using SHA-512 for maximum security margin. Learn when the largest SHA-2 digest is the right choice for your integrity attributes.
Detailed Explanation
SRI with SHA-512 — Maximum Security Margin
SHA-512 produces the largest digest in the SHA-2 family — 512 bits (64 bytes), Base64-encoded into an 88-character string. While SHA-384 is the recommended default for SRI, SHA-512 provides the highest security margin available within the specification.
SHA-512 Hash Format
An SRI attribute using SHA-512 looks like:
<script
src="https://cdn.example.com/lib.js"
integrity="sha512-LJk4oYkXPmZxQzEZ1qEfWUTr+t9Gs3Cp5..."
crossorigin="anonymous"
></script>
The hash is longer than SHA-256 (44 chars) or SHA-384 (64 chars), but the additional length is negligible in terms of HTML payload.
Security Properties
SHA-512 offers:
- 256-bit collision resistance — an attacker would need ~2^256 operations to find a collision
- 512-bit preimage resistance — finding an input that produces a specific hash requires ~2^512 operations
- No known vulnerabilities — no practical or theoretical attacks reduce its security level
Performance on 64-bit Systems
SHA-512 and SHA-384 share the same internal structure and perform nearly identically on 64-bit processors. In many benchmarks, SHA-512 is faster than SHA-256 on modern x86-64 and ARM64 CPUs because its 64-bit word operations align with the CPU's native word size:
Benchmark on x86-64 (MB/s):
SHA-256: 350 MB/s
SHA-384: 500 MB/s
SHA-512: 500 MB/s
When to Use SHA-512
- Government and compliance: Organizations following NIST SP 800-131A or similar standards may require SHA-512 for all integrity checks.
- Defense in depth: Pairing SHA-512 with SHA-384 in a multi-hash integrity attribute ensures forward compatibility if any weakness is ever discovered in truncated variants.
- Consistency: If your application already uses SHA-512 for other purposes (file checksums, digital signatures), using the same algorithm for SRI simplifies your security audit.
Generating SHA-512 SRI Hashes
const data = new TextEncoder().encode(content);
const hash = await crypto.subtle.digest("SHA-512", data);
const base64 = btoa(String.fromCharCode(...new Uint8Array(hash)));
console.log(`sha512-${base64}`);
Use Case
SHA-512 SRI hashes are ideal for organizations with strict compliance requirements such as government agencies, financial institutions, and healthcare systems that mandate the strongest available hash algorithms. It is also useful when your existing security infrastructure standardizes on SHA-512 and you want consistency across all integrity verification mechanisms.