Why chose SHA512 over SHA384?

hash digest integrity sha512 sha2
jst picture jst · Apr 8, 2012 · Viewed 26.3k times · Source

SHA384 is a truncated version of SHA512. But why would anyone use it? And corollary: if SHA384 is just as good as SHA512, is there any rationale in using the 512 bit version?

I am planning to use one of the algorithms to verify file integrity, so I am mainly interested in colision security.

I would be happy to hear how anyone uses the SHA2 digests in practice and why would you chose one version over the other.

Answer

David Schwartz picture David Schwartz · Apr 8, 2012

For practical purposes and the foreseeable future, both SHA384 and SHA512 are good enough for almost any imaginable collision-resistance application. Generally, the primary determining factor of what hash you would use, once we're above 256 bits and collision resistance is infinite for practical purposes, is just how many bits of output you need. For example, if you need the hash to generate both a 256-bit HMAC key and a 128-bit encryption key, SHA384 is a natural choice. If you need as much output as possible for the computational cost, say for output of a PRNG or as random padding, then SHA512 makes sense.

Related questions

RoR - MD5 generation

How can I encrypt a string with MD5 in Rails 3.0 ? pass = MD5.hexdigest(pass) in a model yields uninitialized constant MyModel::MD5

Read More
How can I generate an MD5 hash?

Is there any method to generate MD5 hash of a string in Java?

Read More
Generate a Hash from string in Javascript

I need to convert strings to some form of hash. Is this possible in JavaScript? I'm not utilizing a server-side language so I can't do it that way.

Read More