Generate variable-length SHAKE128 XOF output for key derivation and masking.
About
SHAKE128 is a secure XOF (Extendable-Output Function) that produces variable-length output using Keccak-f[1600] with 256-bit capacity, providing 128-bit security with arbitrary-length output capability.
Specifications
Output SizeVariable
StandardFIPS 202
Standard Year2015
Origin Keccak submission to NIST SHA-3 competition
Origin Year 2008
Use Cases
—Key derivation with custom length
—Stream cipher construction
—Mask generation functions (MGF)
Frequently Asked Questions
SHAKE128 is an eXtendable-Output Function (XOF) that can produce output of any length. Unlike fixed-output hash functions, you can request arbitrary byte lengths from SHAKE128. It uses the Keccak-f[1600] permutation with 256-bit capacity, providing 128-bit security regardless of output length.
SHAKE128 is ideal for: (1) Key derivation requiring custom key lengths, (2) Mask generation functions (MGF) in RSA-OAEP and other schemes, (3) Stream cipher construction, (4) Pseudorandom number generation with arbitrary output, (5) Protocols requiring variable-length outputs from a single hash computation.
No, security remains at 128-bit regardless of output length. The capacity (256 bits) determines security, not the output length. You can generate megabytes of output and still maintain 128-bit security against collision and preimage attacks. However, for 256-bit security, use SHAKE256 instead.