SHAKE128 vs. SHAKE256: A Comparison

SHAKE128 and SHAKE256 are members of the SHA-3 family, standardized by NIST (FIPS 202). They are not traditional hash functions but rather Extendable-Output Functions (XOFs). This means they can produce an output of virtually any desired length, unlike fixed-output hashes like SHA-256 or SHA3-256. Both are based on the Keccak sponge construction, but they differ primarily in their underlying security strength.

What is SHAKE128?

SHAKE128 provides a security strength equivalent to 128 bits against all structural attacks (like collision or preimage attacks), assuming a sufficient output length is used (e.g., 256 bits or more for 128-bit collision resistance). It uses the same Keccak permutation as other SHA-3 functions but with parameters configured for this security level. Because it has a smaller internal capacity compared to SHAKE256, it generally offers higher performance.

What is SHAKE256?

SHAKE256 offers a higher security strength, equivalent to 256 bits against structural attacks (again, assuming sufficient output length, e.g., 512 bits or more for 256-bit collision resistance). It uses the Keccak permutation with parameters set for this higher security level, involving a larger internal capacity. This increased capacity provides a greater security margin but typically comes at the cost of slightly reduced performance compared to SHAKE128.

Key Differences & When to Choose

FeatureSHAKE128SHAKE256
TypeExtendable-Output Function (XOF)Extendable-Output Function (XOF)
Underlying AlgorithmKeccak Sponge ConstructionKeccak Sponge Construction
Security Strength128 bits256 bits
Internal Capacity (Related to Security)LowerHigher
PerformanceGenerally FasterGenerally Slower (than SHAKE128)
Output LengthVariable (User-defined)Variable (User-defined)
Primary Use CasesKey derivation, stream ciphers, lightweight crypto, hash-based signatures (where 128-bit security suffices)Applications requiring higher security, robust key derivation, future-proofing, high-security signatures

Choosing Between Them

The choice between SHAKE128 and SHAKE256 depends directly on the security requirements of your application:

  • Choose SHAKE128 if a 128-bit security level is sufficient for your application and performance is a significant consideration. Many protocols and lightweight cryptographic schemes operate comfortably at this security level.
  • Choose SHAKE256 if you require a higher 256-bit security level, need a larger security margin against future attacks, or are building systems intended for very long-term security. The performance cost is usually acceptable for the increased security assurance.

Both are excellent, flexible functions built on the secure foundation of Keccak, offering significant advantages over older hash constructions, especially their immunity to length extension attacks and their ability to generate outputs of arbitrary length.

Checksum Tools

Adler-32
Calculate Adler-32 hash values for data integrity verification.
CRC-16
CRC-16 is primarily used for error detection. Ideal for serial communication protocols, peripheral device communication, automotive systems and storage devices
CRC-24
CRC-24 is commonly used for data integrity verification in various specialized applications, including telecommunications, OpenPGP, and Bluetooth Low Energy protocols.
CRC-32
CRC-32 is widely used for error detection and data integrity verification in various applications, including file transfer protocols and storage systems.
CRC-64
CRC-64 is a 64-bit cyclic redundancy check algorithm used in various applications, including data storage and transmission.
Fletcher-16
Fletcher-16 is a non-cryptographic checksum algorithm designed for error detection, similar to CRCs but often faster and with better detection for some types of errors.
Fletcher-32
Fletcher-32 is a a quick and strong checksum suitable for higher performance embedded systems, real-time OS or middleware & scientific data handling.
Double SHA-256
Generate Double SHA-256 hashes used in Bitcoin and blockchain applications.
MD5
Generate MD5 checksums online for fast and reliable data verification as well as working with legacy systems.
SHA1
Use this free SHA1 generator to compute checksums and ensure data accuracy.
RIPEMD-160
RIPEMD-160 is a cryptographic hash function which is heavily used in Bitcoin and other cryptocurrencies
Whirlpool
Easily generate Whirlpool checksums to validate files and detect transmission errors.
SHA224
Create (SHA-2 family) SHA224 checksums instantly to verify file content and ensure data integrity.
SHA256
Widely used algorithm SHA256 checksum calculator to generate hash values for security, networking, storage & data compression
SHA384
Generate SHA384 checksums for secure data verification and digital signatures.
SHA512
Calculate SHA512 hashes to check file consistency and prevent data corruption.
SHA3-224
Online SHA3-224 checksum calculator for accurate and efficient data verification.
SHA3-256
Create SHA3-256 cryptographic hash values.
SHA3-384
Calculate SHA3-384 hash values to verify file integrity and detect data corruption.
SHA3-512
Generate SHA3-512 checksums online for fast and reliable data verification.
SHAKE128
Calculate SHAKE128 hash values to verify file integrity and detect data corruption.
SHAKE256
Generate variable-length hash values with SHAKE256 extendable output function for higher security.
Keccak
Generate Keccak (SHA-3 Variant) hash values used in Ethereum blockchain.
Blake2b
Generate Blake2b hashes used in Siacoin and Verge mining.
Blake2s
BLAKE2s is a fast, secure cryptographic hash function ideal for checksums, data integrity, and file verification. Faster than MD5.
Blake3
BLAKE3 is a fast, secure, and highly parallelizable cryptographic hash function, outperforming SHA-2, SHA-3, and BLAKE2 in speed