diff --git a/config.h b/config.h
index 4e2eb68c..7630b936 100644
--- a/config.h
+++ b/config.h
@@ -43,6 +43,10 @@
 // # define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS
 #endif
+// Define this to choose the FIPS 202 version of SHA3, and not the original version of SHA3. NIST selected Keccak as SHA3
+// in January 2013. SHA3 was finalized in FIPS 202 in August 2015, and it was a modified version of the original selection.
+// #define CRYPTOPP_USE_FIPS_202_SHA3
+
 // ***************** Less Important Settings ***************
 // Library version
diff --git a/config.recommend b/config.recommend
index 0189f4e3..6bcc52d5 100644
--- a/config.recommend
+++ b/config.recommend
@@ -43,6 +43,10 @@
 # define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS
 #endif
+// Define this to choose the FIPS 202 version of SHA3, and not the original version of SHA3. NIST selected Keccak as SHA3
+// in January 2013. SHA3 was finalized in FIPS 202 in August 2015, and it was a modified version of the original selection.
+#define CRYPTOPP_USE_FIPS_202_SHA3
+
 // ***************** Less Important Settings ***************
 // Library version
diff --git a/sha3.cpp b/sha3.cpp
index f66ef494..c94bec39 100644
--- a/sha3.cpp
+++ b/sha3.cpp
@@ -280,7 +280,13 @@ void SHA3::Restart()
 void SHA3::TruncatedFinal(byte *hash, size_t size)
 {
 ThrowIfInvalidTruncatedSize(size);
+
+#if defined(CRYPTOPP_USE_FIPS_202_SHA3)
 m_state.BytePtr()[m_counter] ^= 0x06;
+#else
+ m_state.BytePtr()[m_counter] ^= 1;
+#endif
+
 m_state.BytePtr()[r()-1] ^= 0x80;
 KeccakF1600(m_state);
 memcpy(hash, m_state, size);
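Review bot: The comment added above `CRYPTOPP_USE_FIPS_202_SHA3` gives the history but not the consequence a user has to know: the two settings produce different digests for the same input, and with the define left commented out in config.h the `SHA3` class uses the original Keccak padding, so its output will not match other FIPS 202 implementations. I would add a line such as `// The two variants are not interoperable: the same message hashes to different digests. Leave this undefined only if you need the original Keccak padding.` The identical comment in the config.recommend hunk, where the define is enabled, needs the same addition, and it is worth stating in both files that they deliberately differ in their default. The "January 2013" date also looks off to me (the selection announcement I know of was in October 2012), so please check it before it is copied further.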
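Review bot: The `^= 0x06` line in `SHA3::TruncatedFinal` is unchanged context, so the parent revision always applied the FIPS 202 suffix; with this hunk and the define commented out in config.h, a default build now takes the `#else` branch and pads with `1`, which silently changes every `SHA3` digest while the class name and API stay the same. If that default is intended, say so at the branch with comments such as `// 0x06: FIPS 202 SHA-3 domain suffix (bits 01) plus first pad10*1 bit` and `// 0x01: original Keccak pad10*1, pre-FIPS 202 digests`, and write the literal as `0x01` to match its neighbours. The known-answer tests should be selected by the same macro, otherwise one of the two configurations ships unverified; the test data is not visible in this diff. The end of the function is outside the hunk.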