SHA-3 hash generator
Hash text or files with SHA3-224, SHA3-256, SHA3-384 or SHA3-512 — free, in your browser, nothing uploaded.
the hash appears here — type above or drop a file
Keccak, standardized
SHA-3 is the winner of NIST's open hash competition — the Keccak algorithm, standardized as FIPS 202 in 2015. Unlike every other SHA, it isn't built on the Merkle–Damgård pattern; it's a sponge: absorb the input into a large internal state, squeeze the digest out. That different skeleton is the whole point — SHA-3 exists so the world has a fallback that shares no structural DNA with SHA-2, should SHA-2 ever crack.
Picking a variant
The selector above covers the four fixed-length variants; the number is the digest size in bits. SHA3-256 (64 hex characters) is the sensible default and the like-for-like stand-in for SHA-256. SHA3-224 exists for legacy slot-sizes, while SHA3-384 and SHA3-512 offer bigger margins for standards that demand them. A useful structural bonus across all of them: the sponge's hidden capacity means length-extension attacks — a real quirk of plain SHA-256 — simply don't apply.
SHA-3 vs SHA-2, without the hype
Neither is broken; both are NIST-approved; SHA-2 is not deprecated and isn't going anywhere. SHA-3 is typically slower in software (it earns its keep in hardware), so adoption has been steady rather than explosive: you'll meet it in newer protocols, some blockchain ecosystems, and compliance profiles that mandate algorithm diversity. One trap worth flagging: pre-standard "Keccak-256" — what Ethereum uses — pads differently from SHA3-256, so the two produce different hashes for identical input. If a value won't match, that's a likely reason; the hash identifier can't tell them apart by length.
Verifying SHA-3 checksums
Same routine as any hash: paste the expected value into the compare field above, or use the verify tool — remembering that a 64-character hash could be SHA-256, SHA3-256 or BLAKE3, so check what the publisher actually used. On Linux, openssl dgst -sha3-256 file computes it natively.
questions
Is SHA-3 more secure than SHA-256?
Neither has any known practical attack — SHA-3 isn't a fix for a broken SHA-2, it's insurance. It uses a completely different construction (the Keccak sponge), so a breakthrough against one family almost certainly wouldn't touch the other. NIST standardized it in 2015 as FIPS 202.
Which SHA-3 variant should I pick?
SHA3-256 unless a spec says otherwise — it's the like-for-like replacement for SHA-256. The number is the output size in bits: 224, 256, 384 or 512. Longer outputs mean more collision resistance, not "more encryption".
Is SHA-3 the same as Keccak?
Almost. SHA-3 is Keccak as standardized by NIST, with a small change to message padding. That's why an old "Keccak-256" implementation (the one Ethereum uses) gives a different result than SHA3-256 for the same input — they're siblings, not twins.
Why do SHA-256 and SHA3-256 give different hashes?
They're entirely different algorithms that happen to share an output length of 64 hex characters. That shared length is why the hash identifier can't tell them apart by looks alone — and why the verify tool lets you switch algorithms when a 64-character hash doesn't match.
What are SHAKE128 and SHAKE256?
Extendable-output cousins of SHA-3 — same sponge, but you choose how many bytes to squeeze out. They're for protocols and key derivation rather than file checksums, so this page sticks to the fixed-length variants.