HS384 (HMAC-SHA384)

HS384 is a symmetric JWT signing algorithm combining HMAC with the SHA-384 hash function. It sits between HS256 and HS512 in output size and recommended secret length. Like other HMAC algorithms, the same secret signs and verifies tokens. HS384 is less common than HS256 but appears in enterprises with stricter algorithm allowlists. Minimum recommended secret length is 384 bits. Implementations across Node.js, Python, Go, Ruby, and Java follow the same RFC standards, so concepts transfer directly between stacks. Security reviews should treat this as part of your full authentication threat model, not an isolated configuration detail. Document expected behavior for client teams so tokens are issued, stored, and validated consistently across services.

Why It Matters

Choose HS384 when compliance or internal standards require stronger hashes than SHA-256 but HS512 overhead is unnecessary. Ensure all issuers and verifiers in your fleet support HS384 — mixed algorithm support causes painful integration bugs during migrations. Getting this wrong often surfaces only after an incident, when forged or replayed tokens expose gaps in validation or secret handling. Platform teams should encode these rules in libraries, linting, and deployment checklists so individual services cannot drift silently. Pair technical controls with monitoring: log verification failures, track unusual token lifetimes, and alert on spikes in 401 responses.

Code Example

HS384 header
{
  "alg": "HS384",
  "typ": "JWT"
}

Related Terms

Related Comparisons

Algorithm Guides

Related Tools

Related Articles

Frequently Asked Questions

Is HS384 more secure than HS256?

Marginally stronger hash output, but real-world JWT security depends more on secret entropy, storage, and validation than hash width. Consult your JWT library documentation for exact option names, defaults, and error types. When in doubt, prefer stricter validation and shorter token lifetimes over permissive shortcuts.

What secret length for HS384?

Use at least 384 bits (48 bytes) of random entropy. Match or exceed the hash output size. Consult your JWT library documentation for exact option names, defaults, and error types. When in doubt, prefer stricter validation and shorter token lifetimes over permissive shortcuts.

Is HS384 widely supported?

Most major JWT libraries support it, but HS256 remains the default. Test your stack before mandating HS384. Consult your JWT library documentation for exact option names, defaults, and error types. When in doubt, prefer stricter validation and shorter token lifetimes over permissive shortcuts.