Generate KMAC256 authentication tags - high-security Keccak-based MAC with 256-bit security per NIST SP 800-185.
About
KMAC256 is a Keccak-based Message Authentication Code defined in NIST SP 800-185, providing 256-bit security with variable-length output and customization options, combining Keccak efficiency with flexible output lengths.
Specifications
Output SizeVariable
StandardNIST SP 800-185
Standard Year2016
Origin Keccak submission to NIST SHA-3 competition
Origin Year 2008
Use Cases
—High-security NIST-compliant authentication
—Keccak-based high-security MAC
—Long authentication tag generation
—Maximum security domain separation
—Post-quantum authentication preparation
Frequently Asked Questions
KMAC256 provides 256-bit security versus 128-bit for KMAC128. Use KMAC256 for high-security applications, long-term protection, or when deriving longer keys. KMAC128 is sufficient for most standard authentication needs.
Yes, KMAC256 with 256-bit security is suitable for high-security protocols. It's approved by NIST in SP 800-185 and provides strong authentication within the SHA-3 family. However, wider ecosystem support is limited compared to HMAC-SHA256.
KMAC256 is a hash-based MAC (using Keccak); CMAC is a block cipher-based MAC (using AES). KMAC256 can produce variable-length output; CMAC produces fixed output. Both are secure, but KMAC256 is preferred in SHA-3 environments.