Converter Web ToolsConverter WebTools

SHAKE128 Hash

Generate a SHAKE128 hash from any text instantly. Everything is computed in your browser, so your input never leaves your device.

Input
Output
Share Link
Settings
Hash

What is SHAKE128?

SHAKE128 is an extendable-output function (XOF) in the SHA-3 cryptographic family, standardized by NIST in 2015, offering a security strength of 128 bits. Unlike fixed-length hash functions, SHAKE128 uses the Keccak sponge construction to generate outputs of any desired length (from a few bits to kilobytes or more), making it ideal for applications requiring variable-length cryptographic digests. This free online SHAKE128 Hash Generator lets you compute SHAKE128 hashes directly in your browser with no upload, no sign-up, and complete privacy—your data never leaves your device.

How SHAKE128 works

SHAKE128 uses the sponge construction, a cryptographic design that absorbs input data and then squeezes out output of any desired length. Here's how it works:

  1. Initialization: Start with a 1600-bit state, all zeros.
  2. Absorption Phase: Your input message is padded and fed into the state in 1344-bit (168-byte) blocks. Each block is XORed into the state, then the Keccak-f permutation is applied.
  3. Squeezing Phase: Output is extracted from the state in 1344-bit chunks. After each chunk, the permutation is applied again to generate the next chunk.
  4. Output: You get the hash in hexadecimal format, with a length you control.

Example structure: Input "hello" is absorbed into the state, then the sponge is squeezed to produce, say, 256 bits (32 bytes) of hash output in hexadecimal. The output depends on every bit of the input—changing even one character completely changes the hash.

How to use

  1. Type or paste your text into the input box.
  2. The SHAKE128 hash is calculated automatically as you type.
  3. Choose your output encoding (Hex or Base64) if needed.
  4. Click Copy to copy the digest to your clipboard.

Common uses

  • Generating variable-length cryptographic digests for custom security requirements or application-specific needs
  • Digital signatures and authentication where flexible output lengths improve compatibility with RSASSA-PSS and ECDSA frameworks
  • Deriving cryptographic keys or random bytes of arbitrary length from passwords or seed material
  • Building mask generation functions (MGF) for optimal asymmetric encryption padding (OAEP) in public-key cryptography
  • Creating checksums and integrity verification for files where output size can be tailored to expected collision rates

Frequently asked questions

What is the difference between SHAKE128 and SHA-256?
SHA-256 produces a fixed 256-bit (32-byte) output, while SHAKE128 produces variable-length output you control. SHAKE128 also has 128-bit security strength (vs SHA-256's 256-bit), so for equivalent security use longer SHAKE128 outputs.
Can SHAKE128 be reversed to get the original input?
No, SHAKE128 is a cryptographic one-way function. Computing the hash is easy, but recovering the input from the hash is computationally infeasible, even though the output can be any length.
How long should my SHAKE128 output be?
The security strength is min(output-bits/2, 128). For maximum 128-bit security, use at least 256 bits (32 bytes) of output. Longer outputs don't increase collision resistance beyond 128 bits but may be required for specific applications.
Is SHAKE128 safe to use today?
Yes, SHAKE128 is a NIST-standardized, modern cryptographic function with no known practical attacks. It's part of SHA-3 (approved since 2015) and is suitable for current and near-future cryptographic applications.
Is my data private when using this tool?
Completely private. This tool runs entirely in your browser—no data is sent to any server, nothing is stored, and no sign-up is required. Your hash is computed locally on your device.
Can I use SHAKE128 to generate random numbers?
Yes, SHAKE128 can serve as a cryptographically secure pseudo-random number generator (CSPRNG) when seeded with a secret value, producing arbitrary-length random byte sequences.