About

SHA-384 is a truncated variant of SHA-512 from the SHA-2 family, producing a 384-bit (96 hexadecimal character) digest. It provides a security strength of 192 bits against collision attacks per the birthday bound n/2, making it stronger than SHA-256 for applications requiring higher collision resistance. Incorrect hash selection in certificate pinning, HMAC construction, or integrity verification can degrade cryptographic guarantees without visible symptoms until exploitation occurs. This generator uses the Web Crypto API crypto.subtle.digest with cryptographically secure random input from crypto.getRandomValues, not Math.random. Each output is a genuine SHA-384 digest of 48 random bytes.

The tool approximates uniform distribution across the 2³⁸⁴ output space, subject to browser CSPRNG quality. It is intended for test fixtures, database seeding, and protocol prototyping. It does not replace key derivation functions like PBKDF2 or Argon2 for password storage.

Formulas

Each hash is computed as a genuine SHA-384 digest of cryptographically random input bytes. The process follows two stages:

R ← CSPRNG(48 bytes)

where R is a 384-bit random buffer produced by the operating system's entropy pool via crypto.getRandomValues.

H = SHA-384(R)

The digest H is then encoded as a 96-character hexadecimal string. SHA-384 internally uses the SHA-512 compression function with a different initialization vector IV, then truncates the final 512-bit state to 384 bits. The compression operates on 1024-bit blocks over 80 rounds.

Collision probability for n generated hashes follows the birthday approximation:

P_collision ≈ 1 − e^{−n²2³⁸⁵}

where P_collision = probability of at least one collision, n = number of hashes generated, and 2³⁸⁴ = size of the output space. For n = 500, this probability is negligibly close to 0.

Reference Data

Hash Algorithm	Family	Digest Size (bits)	Hex Characters	Block Size (bits)	Collision Resistance (bits)	Status (NIST)
MD5	MD	128	32	512	64 (broken)	Deprecated
SHA-1	SHA	160	40	512	80 (broken)	Deprecated
SHA-224	SHA-2	224	56	512	112	Approved
SHA-256	SHA-2	256	64	512	128	Approved
SHA-384	SHA-2	384	96	1024	192	Approved
SHA-512	SHA-2	512	128	1024	256	Approved
SHA-512/224	SHA-2	224	56	1024	112	Approved
SHA-512/256	SHA-2	256	64	1024	128	Approved
SHA3-256	SHA-3	256	64	1088	128	Approved
SHA3-384	SHA-3	384	96	832	192	Approved
SHA3-512	SHA-3	512	128	576	256	Approved
BLAKE2b-256	BLAKE2	256	64	1024	128	RFC 7693
BLAKE3	BLAKE3	256	64	512	128	Non-NIST
RIPEMD-160	RIPEMD	160	40	512	80	Legacy
Whirlpool	Whirlpool	512	128	512	256	ISO/IEC 10118-3

Frequently Asked Questions

Hashing sequential inputs (counters, timestamps) produces deterministic outputs that can be predicted if the seed is known. This generator feeds 48 bytes from the browser's CSPRNG into SHA-384, ensuring each digest is both unpredictable and uniformly distributed across the 2^384 output space. For test data where predictability is acceptable, counter-based hashing is fine. For security tokens or nonce generation, CSPRNG input is required.

SHA-384 provides 192-bit collision resistance versus SHA-256's 128-bit, which matters in multi-target attack scenarios or when compliance standards (e.g., CNSA Suite) mandate it. Compared to SHA-512, SHA-384 produces shorter digests (96 vs 128 hex characters) while sharing the same internal 64-bit word arithmetic, making it equally fast on 64-bit processors. TLS 1.2 and 1.3 both include SHA-384 cipher suites for this reason.

No. Raw SHA-384 digests lack salting and computational cost tuning. An attacker with GPU hardware can compute billions of SHA-384 hashes per second. Use dedicated password hashing functions: Argon2id (winner of PHC), bcrypt (cost factor ≥ 12), or scrypt. These hashes are appropriate for integrity checks, test identifiers, content addressing, and HMAC key material.

Theoretically yes, but the probability is astronomically low. The birthday bound for SHA-384 requires approximately 2^192 hashes before a 50% collision chance. Generating 500 hashes yields a collision probability of roughly n²/2^385 ≈ 10⁻¹¹⁰. For practical purposes, every hash this tool generates is unique.

The input bytes from crypto.getRandomValues are sourced from OS-level entropy pools (CryptGenRandom on Windows, /dev/urandom on Linux) which pass NIST SP 800-22. SHA-384 then acts as a pseudorandom function that preserves uniformity. The hex output will pass frequency, runs, and serial tests. However, this tool is a hash generator, not a certified DRBG. For FIPS 140-2 compliance, use a validated module.

The Web Crypto API processes SHA-384 asynchronously. On modern hardware, generating 500 hashes completes in under 100ms. The bottleneck is DOM rendering, not hashing. For batches exceeding 1000 (not supported here to maintain UI responsiveness), a Web Worker with chunked rendering would be necessary.