HS384 (HMAC-SHA384)

HS384 uses HMAC with SHA-384 for JWT signing. It provides a larger hash output than HS256 with moderate performance overhead. Less common than HS256 but fully supported by RFC 7518.

When to Use

Use HS384 when your security policy requires SHA-384 minimum hash strength, or when migrating from systems that mandate 384-bit HMAC. For most apps, HS256 is sufficient.

Key Length Requirements

Minimum 384 bits (48 bytes) for the HMAC secret. Generate with cryptographically secure random bytes.

Generate Keys

Recommended: 384-bit

Open Jwt Secret Generator
Read full glossary definition: HS384 (HMAC-SHA384)

Related Comparisons

Related Terms

Frequently Asked Questions

Should I use HS384 instead of HS256?

Only if required by policy. HS256 with a 256-bit secret is secure for virtually all applications.

Does HS384 affect token size?

No. Token size depends on claims, not the HMAC hash length used for signing.