SHA-1 Hash Generator

Generate SHA-1 (160-bit) hashes from text or files. Supports HMAC-SHA1 and file checksum verification.

What is SHA-1?

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function that produces a 160-bit (20-byte) hash value, displayed as a 40-character hexadecimal string. Published by NIST in 1995 as part of the Digital Signature Algorithm, SHA-1 was the standard for digital signatures and certificates for over 15 years.

How SHA-1 Works

SHA-1 processes input in 512-bit blocks, running 80 rounds of operations per block. It maintains a 160-bit state (five 32-bit words) and uses message expansion, bitwise operations, and modular addition. The 80 rounds run in four groups of 20, and each group uses one logical function (Ch, Parity, Maj, then Parity again) with its own round constant.

Output: 40 hex characters (160 bits)

Year: 1995

Status: ⚠ Deprecated

Common Use Cases

  • Git version control (commit identifiers)
  • Legacy certificate verification
  • HMAC-SHA1 for OAuth 1.0 and TOTP
  • Non-security file checksums
  • Data deduplication

Security Considerations

SHA-1 is deprecated for security use. Google demonstrated a practical collision attack (SHAttered) in 2017, producing two different PDFs with the same SHA-1 hash. All major browsers and CAs stopped accepting SHA-1 certificates. Use SHA-256 or SHA-3 for security applications.

SHA-1 vs Other Algorithms

SHA-1 provides 160 bits of output, falling between MD5 (128 bits) and SHA-256 (256 bits). While stronger than MD5, the 2017 SHAttered attack proved SHA-1 collisions are practical. SHA-256 remains unbroken and is the recommended replacement. Git is gradually migrating from SHA-1 to SHA-256.

Frequently Asked Questions

What is SHA-1?
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function producing a 160-bit hash. Published by NIST in 1995, it was widely used for digital signatures and certificates but is now deprecated due to collision vulnerabilities.

Is SHA-1 still secure?
No. SHA-1 has been deprecated for security purposes since Google's SHAttered attack in 2017 demonstrated practical collisions. All major browsers and certificate authorities have stopped accepting SHA-1 certificates.

Why does Git use SHA-1?
Git adopted SHA-1 in 2005 when it was still considered secure. Git uses SHA-1 for content-addressable storage, not security. The Git project is migrating to SHA-256 with the "NewHash" initiative.

How long is a SHA-1 hash?
A SHA-1 hash is 160 bits (20 bytes), typically displayed as a 40-character hexadecimal string. Example: da39a3ee5e6b4b0d3255bfef95601890afd80709

What is HMAC-SHA1?
HMAC-SHA1 combines SHA-1 with a secret key for message authentication. It's still used in OAuth 1.0, TOTP (time-based one-time passwords), and some API authentication schemes. HMAC-SHA1 remains practically secure even though SHA-1 alone has collision issues.

Should I use SHA-1 or SHA-256?
Always prefer SHA-256 for new projects. SHA-1 should only be used for backward compatibility with existing systems. For the strongest security, consider SHA-3.