Which algorithm and key size should I use?
The HMAC key must be at least as long as the hash output to avoid weakening the algorithm:
- HS256 — SHA-256 produces 32 bytes; your key should be ≥ 32 bytes
- HS384 — SHA-384 produces 48 bytes; your key should be ≥ 48 bytes
- HS512 — SHA-512 produces 64 bytes; your key should be ≥ 64 bytes
For most applications, HS256 with a 32-byte key is sufficient. Use HS512 for maximum entropy — token size increases slightly but signing speed is not meaningfully different.
HMAC vs RSA/ECDSA — when to use which
HMAC (HS*) uses the same secret for signing and verification. Use it when both the issuer and verifier are the same service. If different services need to verify tokens without being able to issue them, use RSA (RS256) or ECDSA (ES256) — the private key signs, the public key verifies.
Why not just use a password?
Passwords are low-entropy by design. A JWT secret needs full cryptographic entropy — 256 bits (HS256) or more. Password-derived secrets can be cracked in minutes with tools like hashcat. A properly generated secret cannot be brute-forced in any practical timeframe.