SHA-224 Hash Generator

Generate SHA-224 or HMAC-SHA224 output with configurable input and output encoding.

Tool

Generate SHA-224 Hash

Use the SHA-224 form in the right sidebar to choose input encoding, output encoding, and optional HMAC key, then press Generate SHA-224 Hash to show the result.

Input text

Output hash

This SHA-224 tool is for educational reference, testing, and quick browser experiments. Do not use it with sensitive, confidential, or production data.

Overview

What this tool does

This browser-based SHA-224 tool generates a plain SHA-224 digest or HMAC-SHA224 output from UTF-8 text, HEX bytes, or Base64 data. It is designed for learning, quick verification, compatibility checks, and browser-based integrity testing.

A practical starting point is UTF-8 input, HEX output, and no HMAC key, then compare the same value again with HMAC enabled.

How To

How to use this tool

  1. 1

    Enter input text

    Type or paste the text, encoded value, or sample data you want to hash in the input area.

  2. 2

    Select the input encoding

    Choose UTF-8, HEX, or Base64 so the tool reads the source value in the correct format.

  3. 3

    Choose output settings

    Select HEX or Base64 for the generated digest. HEX output can be normalized with the upper-case or lower-case buttons.

  4. 4

    Optionally add an HMAC key

    Enter a UTF-8 HMAC key if you want to compute HMAC-SHA224 instead of a plain SHA-224 hash.

  5. 5

    Generate the hash

    Press Generate SHA-224 Hash to compute the result.

  6. 6

    Review and normalize the result

    Check the output and selected settings, then use upper-case or lower-case conversion when the output format is HEX.

Guide

Detailed guide to SHA-224 hashing

Thumbnail image for the hash sha224.

Understanding SHA-224 hashing

SHA-224 (Secure Hash Algorithm 224-bit) is a member of the SHA-2 family standardized by the National Institute of Standards and Technology (NIST) in FIPS PUB 180-4. It produces a fixed 224-bit (28-byte) message digest from input data of arbitrary length. SHA-224 is closely related to SHA-256 but uses distinct initial hash values (IVs) and truncates the final output to 224 bits, making it suitable for scenarios where a more compact SHA-2 digest is desirable.

According to NIST's Secure Hash Standard (FIPS 180-4), the SHA-2 family including SHA-224 was designed to provide stronger collision resistance than its predecessor SHA-1. The algorithm processes input data through a Merkle-Damgård construction with a Davies-Meyer compression function, iterating over 512-bit message blocks with 64 rounds of computation per block. The 224-bit output is obtained by truncating the full 256-bit hash state, using a different set of initial values to ensure domain separation from SHA-256.

Hash function mechanism

The internal operation of SHA-224 follows the same core design as SHA-256, as detailed in the IETF RFC 3874 specification for SHA-224. The key steps are:

  • Message padding: The input message is padded to a multiple of 512 bits by appending a '1' bit, followed by '0' bits, and finally a 64-bit representation of the original message length, exactly as specified in the SHA-2 standard.
  • Message schedule: Each 512-bit block is expanded into a 64-entry message schedule (W0 through W63) using bitwise rotations, shifts, and XOR operations derived from the original block words.
  • Compression function: SHA-224 uses the same 64 rounds of compression as SHA-256, employing the SHA-256 sigma and majority functions (Σ0, Σ1, σ0, σ1, Ch, Maj) on eight working variables (A through H).
  • Initial values: SHA-224 uses eight distinct 32-bit initial hash values (IVs) that differ from SHA-256's IVs. This ensures that a SHA-224 digest cannot be derived simply by truncating a SHA-256 output.
  • Final output: After processing all blocks, the final hash state is truncated to the most significant 224 bits (7 of the 8 32-bit words), yielding the 28-byte digest. When encoded as hexadecimal, this produces a 56-character string.

HMAC-SHA224

HMAC (Hash-based Message Authentication Code) is formally defined in IETF RFC 2104 (HMAC: Keyed-Hashing for Message Authentication), while SHA-224 itself is specified in IETF RFC 3874. HMAC-SHA224 combines the SHA-224 hash function with a secret cryptographic key to produce a keyed message digest that provides both data integrity and origin authentication.

  • Construction: HMAC computes H((K' xor opad) || H((K' xor ipad) || message)), where K' is the key padded to the block size, ipad and opad are inner and outer padding constants (0x36 and 0x5c repeated), and H is SHA-224.
  • Security property: HMAC-SHA224 provides resistance against length-extension attacks that affect plain Merkle-Damgård hashes, making it substantially more secure for authentication protocols.
  • Output length: HMAC-SHA224 produces the same 224-bit (28-byte) output as plain SHA-224, but the digest value is determined by both the message content and the secret key.
  • Key sensitivity: A single-bit difference in the HMAC key yields a completely unrelated output digest, making brute-force key search the only viable attack vector when the key has sufficient entropy.

Security considerations

SHA-224 belongs to the well-audited SHA-2 family, but its shorter 224-bit output provides a smaller collision-resistance margin compared to SHA-256 (112-bit vs 128-bit collision security). The following table summarizes the security levels of SHA-224 relative to other common hash functions:

Hash function Digest size (bits) Collision resistance (bits) Preimage resistance (bits) NIST status
SHA-224 224 112 224 Approved (SHA-2 family)
SHA-256 256 128 256 Approved (SHA-2 family)
SHA-384 384 192 384 Approved (SHA-2 family)
SHA-1 160 < 80 (broken) 160 Deprecated or disallowed for most security uses

Key security points for SHA-224:

  • Collision resistance: The birthday bound for SHA-224 is 2112 operations, which is below the 2128 threshold recommended by NIST for long-term security. SHA-256 or SHA-384 is preferred for new cryptographic system designs.
  • MAC construction caution: Plain SHA-224 should not be used as a message authentication code. Truncation hides part of the internal state, but custom secret-prefix constructions remain risky; HMAC-SHA224 is the standard authentication construction.
  • Password hashing: SHA-224 is designed for speed and is unsuitable for password storage. Use purpose-built password hashing or password-based key derivation functions such as Argon2, bcrypt, scrypt, or PBKDF2 with appropriate salts and work factors.
  • Post-quantum considerations: SHA-224's 224-bit output provides only 112 bits of security against Grover's algorithm in a quantum computing model, making it less future-proof than longer-output hash functions.

Applications of SHA-224

Despite its shorter output, SHA-224 appears in several practical contexts where a 224-bit SHA-2 digest is sufficient or required by specification:

  • Digital signatures: Some legacy PKI systems and certificate authorities use SHA-224 with RSA or ECDSA signatures where the security level is matched to the key size (e.g., 2048-bit RSA provides roughly 112-bit security, aligning with SHA-224's collision resistance).
  • File integrity verification: SHA-224 checksums appear in software distribution archives, firmware images, and package management systems that require multiple hash algorithm options for compatibility.
  • Blockchain and distributed systems: Certain cryptocurrency protocols and distributed ledger technologies have adopted SHA-224 for transaction hashing where a 32-byte SHA-256 output would be unnecessarily large for the application's security model.
  • Constrained environments: Embedded systems, IoT devices, and hardware security modules (HSMs) with limited memory or bandwidth may prefer SHA-224's 28-byte output over SHA-256's 32-byte output when every byte matters.
  • HMAC-based protocols: HMAC-SHA224 is used in some network authentication protocols, API request signing schemes, and challenge-response systems where the security policy mandates a SHA-2 variant with a specific output length.
  • Educational testing: SHA-224 is widely used in cryptography courses and textbooks to demonstrate the SHA-2 algorithm structure with a manageable output size for manual computation exercises.

History of SHA-224

SHA-224's development is part of the broader evolution of the Secure Hash Algorithm standard. The timeline below traces the key milestones:

  • 2001: NIST publishes FIPS PUB 180-2, establishing the SHA-2 family including SHA-256, SHA-384, and SHA-512. SHA-224 is not yet included at this stage.
  • 2004: NIST adds SHA-224 to the Secure Hash Standard as a shorter-output SHA-2 variant, motivated by the need for a hash function matching the 112-bit security level of 2048-bit RSA keys.
  • 2005: IETF publishes RFC 3874, formally specifying SHA-224 for use in Internet protocols and providing test vectors for implementation validation.
  • 2008: NIST revises FIPS 180-3, confirming SHA-224 as an approved hash algorithm alongside the other SHA-2 variants.
  • 2012: NIST revises FIPS 180-4, the current version of the Secure Hash Standard, which maintains SHA-224 as an approved algorithm.
  • 2017 onward: As SHA-1 is fully deprecated by major browsers, certificate authorities, and NIST, SHA-224 sees continued use in compatibility scenarios while SHA-256 and SHA-3 become the preferred choices for new deployments.

SHA-224 vs SHA-256 vs SHA-384: A detailed comparison

The SHA-2 family includes multiple output sizes that share the same core algorithm design. Understanding the differences between SHA-224, SHA-256, and SHA-384 helps in selecting the appropriate variant for a specific use case. The table below provides a comprehensive comparison:

Property SHA-224 SHA-256 SHA-384
Digest size 224 bits (28 bytes) 256 bits (32 bytes) 384 bits (48 bytes)
Block size 512 bits (64 bytes) 512 bits (64 bytes) 1024 bits (128 bytes)
Word size 32 bits 32 bits 64 bits
Number of rounds 64 64 80
Collision security 2112 2128 2192
HEX output length 56 characters 64 characters 96 characters
Base64 output length 40 characters (with padding) 44 characters (with padding) 64 characters (with padding)
Relative speed Fast (same as SHA-256) Fast Slower (64-bit word operations)
NIST approval Approved Approved (recommended) Approved (recommended)

As shown in the comparison, SHA-224 and SHA-256 share identical performance characteristics because they use the same 32-bit word operations and 64-round compression function. The only differences are the initial hash values and the final truncation. SHA-384, by contrast, operates on 64-bit words with 80 rounds, making it computationally more expensive but providing a higher security margin. For most modern applications, SHA-256 is the recommended minimum, while SHA-224 remains useful for compatibility with systems that specifically require a 224-bit SHA-2 output.

SHA-224 test vectors

The following table provides official SHA-224 test vectors from the NIST Cryptographic Algorithm Validation Program (CAVP). You can use these known values to verify that your SHA-224 implementation produces correct output:

Input message SHA-224 digest (HEX)
abc 23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7
abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq 75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525
a repeated 1,000,000 times 20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67

To use these test vectors with this tool: (1) select UTF-8 input encoding and HEX output encoding, (2) enter the exact input message, (3) leave the HMAC key field empty, and (4) generate the hash. The output should match the corresponding digest exactly. This is an essential step for validating that any SHA-224 implementation is functioning correctly according to the NIST standard.

Encoding comparison for SHA-224 output

SHA-224 produces a raw 224-bit binary digest that can be represented in multiple encoding formats. The choice of encoding affects the output length, readability, and compatibility with different systems. The table below compares the most common encoding options:

Encoding Output length Character set Best use case Example of "abc"
HEX (lowercase) 56 characters [0-9a-f] Manual comparison, checksum display, documentation 23097d22...9da7
HEX (uppercase) 56 characters [0-9A-F] Some legacy systems, certain programming conventions 23097D22...9DA7
Base64 40 characters (with padding) [A-Za-z0-9+/=] Compact storage, binary protocols, API responses Iwl9IjQF2CKGQqR3vaJVsyqtvOS9oLP342ydpw==
Base64 URL-safe 38 characters (no padding) [A-Za-z0-9-_] URL parameters, JWT-like tokens, web applications Iwl9IjQF2CKGQqR3vaJVsyqtvOS9oLP342ydpw

When using this tool, HEX output is recommended for most use cases because it is human-readable, case-normalizable, and directly comparable across different SHA-224 implementations. Base64 output is more compact (40 characters with padding vs 56 characters for HEX) and is preferred when the digest needs to be transmitted in bandwidth-constrained environments or embedded in binary data formats.

Advanced configuration tips

  • Use UTF-8 when you are hashing plain text directly. This is the most common input encoding and works with all standard text inputs including Unicode characters.
  • Use HEX when your source is already represented as hexadecimal bytes, such as when verifying a hash of a binary file that was previously hex-encoded.
  • Use Base64 when your source value is already Base64 encoded binary data, for example when working with Base64-encoded certificate or key material.
  • If the HEX input length is odd, the page prepends a leading zero before parsing, matching the original logic to ensure valid byte-level parsing.
  • Cross-check important outputs with a trusted local library or command line tool such as openssl dgst -sha224 or sha224sum on Linux systems.
  • Test the same message with and without HMAC to see the difference between unkeyed and keyed hashing. Even a single-character HMAC key completely changes the output.
  • When comparing SHA-224 outputs across different tools, always ensure the input encoding and output encoding settings match exactly. A mismatch in encoding is the most common source of apparent hash discrepancies.

Limitations and cautions

  • Client-side processing: Everything runs in the browser using the CryptoJS library. No data is sent to any server, but the computation speed depends on the client device's CPU performance.
  • Not for passwords: SHA-224 is designed for speed and is completely unsuitable for password storage. Use Argon2, bcrypt, scrypt, or PBKDF2 with appropriate work factors for password hashing.
  • Legacy strength level: SHA-224's 112-bit collision resistance is below the 128-bit threshold recommended by NIST for new systems. SHA-256 or SHA-3 is preferred for modern cryptographic designs.
  • Encoding sensitivity: Selecting the wrong input encoding will produce either parsing errors or an unexpected digest. Always verify that the input encoding matches the actual format of your source data.
  • Browser dependency: The page assumes a modern browser with JavaScript enabled. The CryptoJS library used for computation may have subtle differences from native implementations for edge-case inputs.
  • No custom MAC construction: Plain SHA-224 should not be used as a Message Authentication Code (MAC) or in any custom secret-prefix construction. Use HMAC-SHA224 when message authentication is required.

Final tips

  1. Start with UTF-8 input and HEX output for the easiest testing flow. Use the well-known test vector abc to verify that the tool produces the expected digest 23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7.
  2. Use HMAC only when you intentionally want keyed hashing behavior with a secret key for message authentication.
  3. Validate important digests against another trusted implementation such as OpenSSL or a NIST-certified cryptographic library to ensure correctness.
  4. Use SHA-224 mainly for education, compatibility work, and light integrity checks where the 224-bit output size is explicitly required by the target system.
  5. Choose SHA-256 or SHA-3 for stronger digest use cases, and use purpose-built password hashing or password-based key derivation functions such as Argon2, bcrypt, scrypt, or PBKDF2 for password storage.

Results generated by this tool are for educational and testing purposes only. Actual outputs may vary based on input accuracy, encoding choices, and whether HMAC mode is enabled. Always verify critical hash values against a secondary, independently implemented tool before relying on them in production environments or security-critical applications.

FAQ

Frequently asked questions

Can I hash HEX input with this page?

Yes. Select HEX as the input encoding. The tool validates the characters and pads an odd-length HEX value with a leading zero before parsing.

What happens if I enter an HMAC key?

When you enter an HMAC key, the page generates HMAC-SHA224 instead of a plain SHA-224 hash.

Can I use upper case or lower case conversion for Base64 output?

No. The case conversion buttons are intended for HEX output and are disabled when Base64 output is selected.

Is this page suitable for password hashing or modern high-security systems?

No. This page is mainly for educational and testing purposes. For password storage, use purpose-built password hashing or password-based key derivation functions such as Argon2, bcrypt, scrypt, or PBKDF2. For modern secure digests, prefer SHA-256 or SHA-3.