0

I need to use an Asymmetric algorithm for a JsonWebToken , so it must be Asymmetric RS256 or RS384 or RS512 but I don't understand the difference between them in terms of security and performance (I know that each one uses a different hash but thats all ). according to https://www.rfc-editor.org/rfc/rfc7518#section-3.1 RS256 uses SHA-256 as a Digital Signature or MAC Algorithm RS384 uses SHA-384 as a Digital Signature or MAC Algorithm RS512 uses SHA-512 as a Digital Signature or MAC Algorithm

so I would like to know which one is best to use and what is the difference between the hashing algorithms SHA-256/SHA-384/SHA-512 Thanks

Community
  • 1
  • 1
Kareem Zarka
  • 3
  • 3
  • https://stackoverflow.com/questions/51489637/what-are-the-differences-between-jwt-rs256-rs384-and-rs512-algorithms <- the RFC recommends 256, unless you have a good reason not to, use that –  May 05 '21 at 15:29
  • https://en.wikipedia.org/wiki/SHA-2 <- SHA-256/SHA-384/SHA-512 are all the same SHA-2 hash, with tweaks to produce a different number of bits. The longer variants are... longer, not necessarily more secure. –  May 05 '21 at 15:35
  • @dratenik thnak you so much , so in other words they just differ with the size of the key generated ? so no reason to use other than RS256 – Kareem Zarka May 05 '21 at 16:09
  • *it must be Asymmetric ,according to jwt.io I will need to use HMAC* - ? HMAC (HS256/HS384/HS512) are symmetric algorithms. *since they are used by RS256 or RS384 or RS512* - ? HMAC is not used by RSxxx. HMAC uses SHAxxx and RSxxx also uses SHAxxx, but RS does not use HMAC, you're mixing up a lot of things here. – jps May 05 '21 at 16:52
  • @jps I was only refering only to Asymmetric keys ! I wasnt talknig about symmetric ones – Kareem Zarka May 05 '21 at 17:56
  • you wrote: *according to jwt.io I will need to use HMAC* - I just wanted to clarify: HMAC is symmetric and has nothing to do with asymmetric algorithms like RSxxx. – jps May 05 '21 at 18:11
  • @jps you're very right thank you for noticing it and pointing it out , I corrected the question ,can you please check it again and let me know your opinion Thanks in advance – Kareem Zarka May 05 '21 at 18:27

0 Answers0