Documentation
API Reference
Hash Functions
SHA-512

SHA-512

Header: #include <cryptopp/sha.h> | Namespace: CryptoPP Since: Crypto++ 4.0
Thread Safety: Not thread-safe per instance; use separate instances per thread

SHA-512 (Secure Hash Algorithm 512-bit) is a cryptographic hash function from the SHA-2 family that produces 512-bit (64-byte) digests. It provides higher security margins than SHA-256 and is faster on 64-bit processors.

Quick Example 

#include <cryptopp/sha.h>
#include <cryptopp/hex.h>
#include <cryptopp/filters.h>
#include <iostream>

int main() {
    using namespace CryptoPP;

    SHA512 hash;
    std::string message = "Hello, World!";
    std::string digest, hexOutput;

    StringSource(message, true,
        new HashFilter(hash,
            new StringSink(digest)
        )
    );

    // Convert to hex
    StringSource(digest, true,
        new HexEncoder(new StringSink(hexOutput))
    );

    std::cout << "SHA-512: " << hexOutput << std::endl;

    return 0;
}

Usage Guidelines

ℹ️

Do:

  • Use SHA-512 when you need higher security margins (256-bit collision resistance)
  • Use on 64-bit systems where SHA-512 is faster than SHA-256
  • Use for long-term security (future-proofing)
  • Use with HMAC for message authentication
  • Use for truncated variants (SHA-512/256, SHA-384)

Avoid:

  • Using on 32-bit systems (SHA-256 will be faster)
  • Using for password hashing directly (use Argon2 instead)
  • Using SHA-1 (broken) or MD5 (broken)

Class: SHA512

Cryptographic hash function producing 512-bit (64-byte) digests.

Constants 

static const int DIGESTSIZE = 64;   // 64 bytes (512 bits)
static const int BLOCKSIZE = 128;   // 128 bytes (1024 bits)

Constructors

Default Constructor 

SHA512();

Create SHA-512 hash object in initial state.

Example:

SHA512 hash;

Methods

Update() 

void Update(const byte* input, size_t length);

Add data to the hash computation.

Parameters:

  • input - Data to hash
  • length - Length of data in bytes

Example:

SHA512 hash;
hash.Update((const byte*)"Part 1", 6);
hash.Update((const byte*)"Part 2", 6);

Final() 

void Final(byte* digest);

Finalize hash and get result.

Parameters:

  • digest - Output buffer (must be 64 bytes)

Example:

SHA512 hash;
hash.Update((const byte*)data, dataLen);

byte digest[SHA512::DIGESTSIZE];
hash.Final(digest);

TruncatedFinal() 

void TruncatedFinal(byte* digest, size_t digestSize);

Get truncated hash (first digestSize bytes).

Parameters:

  • digest - Output buffer
  • digestSize - Number of bytes to output (≤ 64)

Use case: SHA-512/256 uses 256-bit truncated output.

Restart() 

void Restart();

Reset hash to initial state for reuse.

CalculateDigest() - Static 

static void CalculateDigest(byte* digest,
                            const byte* input,
                            size_t length);

One-shot hash computation.

Example:

byte digest[SHA512::DIGESTSIZE];
SHA512::CalculateDigest(digest, (const byte*)data, dataLen);

VerifyDigest() - Static 

static bool VerifyDigest(const byte* digest,
                         const byte* input,
                         size_t length);

Verify a hash digest (constant-time comparison).

Returns: true if hash matches

AlgorithmProvider() 

std::string AlgorithmProvider() const;

Get implementation provider.

Returns:

  • “POWER8” - IBM POWER8+ SHA
  • “C++” - Software implementation

Note: SHA-512 has less hardware acceleration than SHA-256.

Complete Example: High-Security File Hashing 

#include <cryptopp/sha.h>
#include <cryptopp/files.h>
#include <cryptopp/hex.h>
#include <iostream>

using namespace CryptoPP;

std::string sha512File(const std::string& filename) {
    SHA512 hash;
    std::string digest, hexDigest;

    FileSource(filename.c_str(), true,
        new HashFilter(hash,
            new StringSink(digest)
        )
    );

    StringSource(digest, true,
        new HexEncoder(new StringSink(hexDigest))
    );

    return hexDigest;
}

int main() {
    std::string hash = sha512File("important_document.pdf");
    std::cout << "SHA-512: " << hash << std::endl;

    // Store for long-term integrity verification
    std::ofstream out("important_document.pdf.sha512");
    out << hash;

    return 0;
}

Performance

Benchmarks (Approximate)

PlatformSHA-256 (MB/s)SHA-512 (MB/s)Winner
64-bit CPU400600SHA-512 ✓
32-bit CPU400200SHA-256 ✓
Modern (SHA-NI)1200600SHA-256 ✓

Key Points:

  • SHA-512 is faster than SHA-256 on 64-bit systems (no hardware acceleration)
  • SHA-256 is faster with SHA-NI (Intel/AMD SHA Extensions)
  • SHA-512 provides higher security margin (256-bit collision resistance)

Security

Security Properties

  • Collision resistance: 256-bit security (2^256 operations)
  • Preimage resistance: 512-bit security (2^512 operations)
  • Second preimage: 512-bit security
  • Output size: 512 bits (64 bytes)
  • Block size: 1024 bits (128 bytes)
  • Standard: FIPS 180-4, NIST approved

Security Comparison

AlgorithmCollisionPreimageNotes
SHA-512~256-bit~512-bitHighest security margin
SHA-256~128-bit~256-bitStandard security
BLAKE3~128-bit~128-bitFastest in software

Most applications are comfortable with ~128-bit overall security. SHA-512 offers a very large margin for both collision and preimage resistance.

When to use SHA-512:

  • Long-term security (decades)
  • High-value data protection
  • Compliance requirements
  • Post-quantum preparation

Test Vectors (NIST) 

// Test Vector: "abc"
// SHA-512: ddaf35a193617aba...

std::string message = "abc";
SHA512 hash;
hash.Update((const byte*)message.data(), message.size());

byte digest[SHA512::DIGESTSIZE];
hash.Final(digest);

byte expected[] = {
    0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
    0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
    0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
    0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
    0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
    0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
    0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
    0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f
};

assert(std::memcmp(digest, expected, 64) == 0);

SHA-512 Variants

SHA-384 (Truncated SHA-512) 

#include <cryptopp/sha.h>

SHA384 hash;  // 384-bit output
byte digest[SHA384::DIGESTSIZE];  // 48 bytes
hash.Final(digest);

Use case: Balance between SHA-256 and SHA-512 security.

SHA-512/256 (Truncated with Different IV) 

#include <cryptopp/sha.h>

SHA512_256 hash;  // 256-bit output
byte digest[SHA512_256::DIGESTSIZE];  // 32 bytes
hash.Final(digest);

Use case: 256-bit output with 512-bit internal state (higher security margin than SHA-256).

Thread Safety

Not thread-safe. Use separate instances per thread.

// CORRECT - per-thread
void threadFunc() {
    SHA512 hash;  // Thread-local
    // ... use hash ...
}

When to Use SHA-512

✅ Use SHA-512 for:

  1. Long-Term Security - Data that needs protection for decades
  2. 64-bit Systems - Faster than SHA-256 (no SHA-NI)
  3. High-Value Data - Maximum security margin
  4. Compliance - Some standards require SHA-512
  5. Future-Proofing - Higher security against future attacks

❌ Don’t use SHA-512 for:

  1. 32-bit Systems - SHA-256 will be faster
  2. Systems with SHA-NI - SHA-256 will be faster (hardware acceleration)
  3. Bandwidth-Constrained - 64-byte output is larger

SHA-512 vs SHA-256

Choose SHA-512 when:

  • You have a 64-bit system without SHA-NI
  • You need maximum security margin
  • You’re archiving data for decades
  • Performance is not critical

Choose SHA-256 when:

  • You have hardware acceleration (SHA-NI)
  • You’re on a 32-bit system
  • Smaller hashes are preferred
  • Industry standard is sufficient (most cases)

Exceptions

None thrown under normal operation.

See Also

SHA-256SHA-3