SHA-1

Generate SHA-1 digest

160-bit · 40 hex chars Case
SHA-1 is cryptographically broken. Use it for checksums and legacy compatibility only — never for security. Prefer SHA-256.
Message 43 chars · 43 B
SHA-1 Digest
Digest appears live as you type…
Algorithm
SHA-1
Output length
0 chars
Deep dive

SHA-1, and why it's deprecated

SHA-1 is a hash function published by NIST in 1995 (FIPS 180-1). Like any hash it maps input of any size to a fixed digest — here 160 bits, shown as 40 hexadecimal characters — and it's deterministic and one-way. For two decades it was the default for signatures, certificates, and version control.

The problem is collision resistance. A secure hash should make it infeasible to find two inputs with the same digest, but for SHA-1 that's no longer true: the 2017 SHAttered research produced a real collision, and a 2020 chosen-prefix attack lowered the cost further. Once collisions are practical, a hash can be forged, so SHA-1 was dropped from TLS certificates and formally deprecated.

It isn't useless — for checksums and legacy compatibility where no attacker is involved, SHA-1 still does its job. Just reach for SHA-256 anywhere security depends on it. Everything here runs locally via the browser's Web Crypto API.

Reference

When SHA-1 is (and isn't) OK

Still fine for

Non-adversarial uses where you only care about accidental change.

Matching an existing SHA-1 hash
Detecting file corruption
Legacy system compatibility
Use SHA-256 instead for

Anything where someone might try to forge a match on purpose.

Digital signatures & certs
Security-critical integrity
Content you can't trust
Reference

MD5 vs SHA-1 vs SHA-256

AlgorithmDigest sizeSecurity status
MD5128 bitsBroken
SHA-1160 bitsBroken
SHA-256256 bitsSecure

SHA-1 produces a larger digest than MD5, but both are collision-broken. Migrate security-critical uses to SHA-256.

In practice

Where it still shows up

01

Verifying a legacy checksum

Confirm a download against a SHA-1 sum an older project published before SHA-256 became standard.

02

Working with Git objects

Reproduce or check the SHA-1 object IDs Git has historically used for commits and blobs.

03

Migrating off SHA-1

Compare SHA-1 and SHA-256 of the same input while moving an old system to a stronger digest.

Questions

Frequently asked questions

No — not for anything security-related. SHA-1 is collision-broken: the 2017 SHAttered attack produced two different PDFs with the same digest, and a 2020 chosen-prefix attack made forgeries far cheaper. NIST has deprecated it and browsers stopped trusting SHA-1 certificates years ago. Use SHA-256 for signatures, certificates, and integrity that matters.

Legacy compatibility. Plenty of older systems, file checksums, and protocols still emit SHA-1, and git historically used it for object IDs (it's migrating to SHA-256). For non-adversarial uses — matching an existing hash, detecting accidental corruption — it still works; just don't rely on it to stop a motivated attacker.

A collision attack occurs when two distinct inputs are engineered to produce the identical hash digest. In 2017 researchers demonstrated a practical collision (SHAttered) against SHA-1, which rendered it unsafe for digital certificates and signatures.

SHA-1 outputs 160 bits (40 hex characters); MD5 outputs 128 bits (32 hex) and SHA-256 outputs 256 bits (64 hex). MD5 is faster but weaker; SHA-256 (SHA-2 family) has no practical collision attack while SHA-1 and MD5 do. Pick SHA-256 unless you need SHA-1 for compatibility.

Yes — that's exactly what a collision is, and for SHA-1 it's been demonstrated in practice, not just in theory. That's why it can no longer be trusted to uniquely fingerprint untrusted content.

No. The digest is computed locally with the browser's Web Crypto API, so your input never leaves the page.

Related

Pairs well with

© 2026. Syntaxly | Built for the minimalist developer.