secureSHA-2 · 384 bits · 2001
SHA-384
Truncated SHA-512: the awkward middle child of the SHA-2 family. Mandated by NSA Suite B at the TOP SECRET level.
By Deepak Gupta ·
SHA-384 is SHA-512 computed with a different IV and truncated to 384 bits. It's the SHA-2 family member you encounter when an enterprise crypto policy demands a 192-bit security level (matching AES-256), most famously the NSA's Commercial National Security Algorithm Suite for classified work. For practical purposes it's no more secure than SHA-256 for most threat models. The extra bits matter only if you're worried about a future quantum attacker with Grover's algorithm halving your effective hash strength.
Recommended uses
- ·Compliance with NSA CNSA / Suite B requirements
- ·Forward-secrecy-conscious systems planning for post-quantum attackers
Known attacks / caveats
- ·Length-extension does NOT apply (the truncation in the IV prevents it)
Designed by
NSA, published 2001.