I'm using JWT RS256 algorithm in my current project, but I'm wondering what are the differences between algorithms RS256, RS384, and RS512. Can someone explain to me what are the key differences in these algorithms?
This is the set of algorithms defined for use with JWS in RFC 7518 -JSON Web Algorithms (JWA)
| "alg" Param Value | Digital Signature or MAC Algorithm | Implementation Requirements |
|---|---|---|
| Symmetric HMAC | ||
| HS256 | HMAC using SHA-256 | Required |
| HS384 | HMAC using SHA-384 | Optional |
| HS512 | HMAC using SHA-512 | Optional |
| RSA-based | ||
| RS256 | RSASSA-PKCS1-v1_5 using SHA-256 | Recommended |
| RS384 | RSASSA-PKCS1-v1_5 using SHA-384 | Optional |
| RS512 | RSASSA-PKCS1-v1_5 using SHA-512 | Optional |
| Elliptic-curve | ||
| ES256 | ECDSA using P-256 and SHA-256 | Recommended- |
| ES384 | ECDSA using P-384 and SHA-384 | Optional |
| ES512 | ECDSA using P-521 and SHA-512 | Optional |
| Probabilistic signature scheme | ||
| PS256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 | Optional |
| PS384 | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 | Optional |
| PS512 | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 | Optional |
| Horribly insecure | ||
| none | No digital signature or MAC performed | Optional |
The difference between RS256, RS384, and RS512 is the hashing algorithm SHA256, SHA384 and SHA512