Home

hLen

In cryptography, hLen denotes the length, in bytes, of the output produced by a given hash function. It is a parameter used by several PKCS standards and RFCs to describe padding, masking, and signature schemes that depend on a hash digest. For a hash function H, hLen equals the number of bytes in H’s digest.

The value of hLen depends on the chosen hash function. For example, SHA-1 yields hLen of 20

In schemes such as OAEP (Optimal Asymmetric Encryption Padding) and PSS (Probabilistic Signature Scheme) defined in

Notes: The choice of hash function—and thus hLen—affects the maximum message size, padding overhead, and security

bytes,
SHA-256
yields
32
bytes,
SHA-384
yields
48
bytes,
and
SHA-512
yields
64
bytes.
PKCS
#1,
hLen
is
used
to
compute
padding
lengths
and
to
drive
the
mask
generation
function
MGF1.
MGF1
uses
a
hash
function
with
output
length
hLen,
and
the
generated
mask
length
is
specified
as
a
multiple
of
hLen.
properties.
Implementers
should
ensure
the
selected
hash’s
hLen
satisfies
protocol
requirements
and
aligns
with
the
desired
security
level.
The
term
appears
in
standards
as
an
explicit
parameter,
but
in
other
contexts
the
digest
length
is
embedded
in
the
hash’s
name.