SHA-3 and Keccak Hash — The Next Generation Cryptographic Hash

SHA-3 (Keccak) is NIST's latest hash function, designed independently from SHA-2 to provide an alternative if SHA-2 is ever broken. Learn SHA-3 variants (224, 256, 384, 512,...

Mian Ali Khalid · 2026-05-12 · 4 min read

Use the tool

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes client-side.

Open Hash Generator →

SHA-3 (standardized in 2015, based on the Keccak algorithm) is a completely different design from SHA-2. It provides a cryptographic alternative if SHA-2 vulnerabilities are ever discovered.

Generate SHA-256 and other hashes with the Hash Generator.

SHA-3 variants

Variant	Output size	Use case
SHA3-224	224 bits (56 hex)	Drop-in for SHA-224
SHA3-256	256 bits (64 hex)	Drop-in for SHA-256
SHA3-384	384 bits (96 hex)	Drop-in for SHA-384
SHA3-512	512 bits (128 hex)	Drop-in for SHA-512
SHAKE128	Variable	Extendable output
SHAKE256	Variable	Extendable output

SHA-3 vs SHA-2: which to use?

Use SHA-256 (SHA-2) for:

Most current applications
APIs and protocols where SHA-256 is the expected standard
Performance-sensitive applications (SHA-256 is often faster with hardware acceleration)
Compatibility with existing ecosystems (TLS, JWT, etc.)

Use SHA-3 for:

Systems requiring post-quantum design diversity
Applications needing variable-length output (SHAKE variants)
New cryptographic protocols being designed from scratch
Ethereum and many blockchain systems (Keccak-256)

SHA-3 in Node.js

import crypto from 'crypto';

// SHA3-256:
const hash256 = crypto.createHash('sha3-256')
  .update('Hello, World!')
  .digest('hex');
console.log(hash256);
// "1af17a664e3fa8e419b8ba05c2a173169df76162a5a286e0c405b460d478f7ef"

// SHA3-512:
const hash512 = crypto.createHash('sha3-512')
  .update('Hello, World!')
  .digest('hex');

// SHAKE-256 (variable output length):
const shake256 = crypto.createHash('shake256', { outputLength: 32 })
  .update('Hello, World!')
  .digest('hex');
// 32 bytes = 64 hex characters

// Hash a file:
import { createReadStream } from 'fs';

async function hashFileSHA3(filePath) {
  const hash = crypto.createHash('sha3-256');
  
  return new Promise((resolve, reject) => {
    const stream = createReadStream(filePath);
    stream.on('data', (chunk) => hash.update(chunk));
    stream.on('end', () => resolve(hash.digest('hex')));
    stream.on('error', reject);
  });
}

SHA-3 in Python

Python 3.6+ includes SHA-3 in hashlib:

import hashlib

# SHA3-256:
h = hashlib.sha3_256(b'Hello, World!').hexdigest()
print(h)
# "1af17a664e3fa8e419b8ba05c2a173169df76162a5a286e0c405b460d478f7ef"

# All SHA-3 variants:
sha3_224 = hashlib.sha3_224(b'data').hexdigest()
sha3_256 = hashlib.sha3_256(b'data').hexdigest()
sha3_384 = hashlib.sha3_384(b'data').hexdigest()
sha3_512 = hashlib.sha3_512(b'data').hexdigest()

# SHAKE (variable output):
shake128 = hashlib.shake_128(b'data').hexdigest(32)  # 32 bytes = 64 hex chars
shake256 = hashlib.shake_256(b'data').hexdigest(64)  # 64 bytes = 128 hex chars

# Incremental hashing:
h = hashlib.sha3_256()
h.update(b'first chunk')
h.update(b'second chunk')
result = h.hexdigest()

# Large file hashing:
def hash_file_sha3(path: str, block_size: int = 65536) -> str:
    h = hashlib.sha3_256()
    with open(path, 'rb') as f:
        while chunk := f.read(block_size):
            h.update(chunk)
    return h.hexdigest()

Keccak-256 (Ethereum’s hash)

Ethereum uses Keccak-256, which is the original Keccak submission — slightly different from the NIST-standardized SHA3-256 (different padding). They’re not the same!

// For Ethereum work, use a dedicated Keccak library:
// npm install keccak
import { keccak256 } from '@ethersproject/keccak256';
import { toUtf8Bytes } from '@ethersproject/strings';

const hash = keccak256(toUtf8Bytes('Hello'));
// The Ethereum standard hash

// Or:
// npm install ethereum-cryptography
import { keccak256 } from 'ethereum-cryptography/keccak.js';

Performance comparison

import hashlib, time

data = b'x' * 10_000_000  # 10MB

for algo in ['md5', 'sha1', 'sha256', 'sha512', 'sha3_256', 'sha3_512']:
    h = hashlib.new(algo)
    start = time.perf_counter()
    h.update(data)
    h.hexdigest()
    elapsed = time.perf_counter() - start
    print(f'{algo:12} {elapsed*1000:.1f}ms')

# Typical results (no hardware acceleration):
# md5          8.2ms
# sha1         10.1ms
# sha256       35.3ms  (faster with SHA-NI CPU extension)
# sha512        9.8ms  (64-bit optimized)
# sha3_256     41.7ms
# sha3_512     22.4ms

SHA-2 variants with hardware acceleration (Intel SHA-NI, ARM SHA2) significantly outperform SHA-3 on modern processors.

Hash Generator — generate MD5, SHA-256, SHA-512
HMAC Authentication — sign requests with SHA hashes
MD5 vs SHA-256 — when to use each

MD5 Is Dead. Use These Instead. — MD5 was broken in 2004 and is trivially cracked for passwords. Here's what to us…
bcrypt Password Hashing — Why You Should Use bcrypt and How to Implement It — bcrypt is the standard password hashing algorithm for web applications. Learn wh…
File Integrity Verification with Checksums — SHA-256 and MD5 — Verify file integrity using SHA-256 and MD5 checksums. Learn how to generate and…
Hash Functions Comparison — MD5, SHA-1, SHA-256, bcrypt, Argon2 — Hash functions have different speed, output size, and security properties. MD5 a…
MD5 vs SHA-256 — When to Use Each and When Not to Use MD5 — MD5 is broken for security use cases but still useful for checksums and non-secu…

Related tool