YoSin Tools

KMAC128 Hash Generator

Generate KMAC128 (Keccak Message Authentication Code) hashes online. NIST SP 800-185 keyed hash function built on cSHAKE128. Configure key, output length, and customization string.

Input
Output
Share Link
Settings
Hash

Related Hash Tools

KMAC128 FileHash from file KMAC256256-bit security KMAC cSHAKE128Unkeyed cSHAKE SHAKE128XOF without key SHA3-256Fixed SHA-3

Frequently Asked Questions

What is KMAC128?
KMAC128 is a Keccak-based Message Authentication Code (MAC) from NIST SP 800-185. It is built on cSHAKE128 with N='KMAC'. It takes a key, message, output length, and optional customization string as inputs, producing a keyed hash of any desired length.
How is KMAC128 different from HMAC?
HMAC was designed to fix length-extension vulnerabilities in Merkle-Damgård hash functions (MD5, SHA-1, SHA-2). SHA-3/Keccak functions don't have this vulnerability, so KMAC is a cleaner, purpose-built keyed hash. KMAC also supports variable output length and has a more straightforward construction.
Can I use KMAC128 for key derivation?
Yes. KMAC128 can function as a PRF (Pseudorandom Function) and key derivation function. The variable output length allows deriving keys of any size directly from one KMAC128 invocation.
KMAC128 vs KMAC256 — which should I use?
KMAC128 provides 128-bit security (suitable for most applications). KMAC256 provides 256-bit security and is recommended for post-quantum resistant applications and long-term sensitive data. Both use the same KMAC construction but different Keccak capacity parameters.

About KMAC128 Hash Generator

KMAC128 (Keccak Message Authentication Code, 128-bit security) is a keyed hash function standardized in NIST Special Publication 800-185 (2016). It is built on cSHAKE128 and provides a formally defined interface for message authentication, pseudorandom function (PRF) evaluation, and key derivation. Unlike HMAC, KMAC is designed from the ground up for the Keccak sponge construction and doesn't require SHA-3's inherent resistance to length-extension attacks.

How KMAC128 Works

KMAC128 uses cSHAKE128 internally with N set to 'KMAC'. The key and its length are encoded and prepended to the message. This ensures that KMAC outputs are completely independent for different keys, and that KMAC(key1, msg) and KMAC(key2, msg) are unrelated even for related keys. The customization string S provides an additional domain separation dimension.

Applications

KMAC128 is used in post-quantum cryptography reference implementations (CRYSTALS-Kyber, CRYSTALS-Dilithium), session key derivation, MAC construction for authenticated encryption, and pseudorandom number generation seeded by a master key. Its variable output length makes it particularly flexible compared to fixed-output MACs like HMAC-SHA256.

KMAC as a PRF

When used as a pseudorandom function, KMAC128(key, context, L) produces L bits of pseudorandom output that appears independent for different context values. This pattern is commonly used in key schedules and protocol state machines where multiple keys are needed from a single master key.