Skip to content

SHA-1 Hash Generator (160-bit Legacy)

Generate SHA-1 hashes in your browser — 40-character hex output, no upload. Legacy tool for Git fingerprints, old certificate checks, and migration audits. Data never leaves your device.

No Tracking Runs in Browser Free
⚠️ SHA-1 is a legacy algorithm. Use SHA-256 for new work. All hashing runs locally — no data is uploaded.
Algorithm
Reviewed for SHA-1 correctness against NIST FIPS 180-1 test vectors; deprecation framing verified against NIST SP 800-131A — Go Tools Engineering Team · May 28, 2026

What Is SHA-1?

SHA-1 (Secure Hash Algorithm 1) is a 160-bit cryptographic hash function published by NIST in 1995 as FIPS 180-1. It was designed by the U.S. National Security Agency to replace SHA-0 (a flawed earlier version quickly withdrawn in 1993) and was the dominant hash algorithm for digital signatures, TLS certificates, and code signing through the 2000s.

History of breaks: In 2005, Xiaoyun Wang's team published a theoretical attack reducing SHA-1 collision resistance from the expected 2^80 to 2^63 operations — a theoretical break, but not yet practical. In February 2017, Google and CWI Amsterdam released the SHAttered attack, producing two distinct PDF documents with identical SHA-1 hashes using approximately 110 GPU-years of computation. This was the definitive practical break. NIST had already deprecated SHA-1 for signatures in 2011 (NIST SP 800-131A); browser vendors and Certificate Authorities followed by removing SHA-1 certificate support in 2016–2017.

Current status: SHA-1 is deprecated for all security-sensitive uses — digital signatures, certificate fingerprints, password storage, and code signing. It persists in Git's object-ID format (commit hashes), where it is used for content addressing rather than security, and in legacy software checksums where administrators have not yet migrated. The Git project added SHA-256 object format support in version 2.29 (October 2020). All new projects should use SHA-256 or stronger.

This tool computes SHA-1 entirely in your browser using crypto.subtle.digest('SHA-1', ...) from the Web Crypto API. The 40-character hex output is identical to what sha1sum, openssl dgst -sha1, or git hash-object produce. No bytes are sent to any server.

SHA-1 vs the SHA-2 family: SHA-1 produces 40 hex chars (160 bits). SHA-256 produces 64 hex chars (256 bits) and has no known weaknesses. MD5 produces 32 hex chars (128 bits) and was broken earlier (2004). For any new hashing work, SHA-256 is the standard choice.

// Hash text using Web Crypto API (SHA-1 — legacy use only)
async function sha1(text) {
  const data = new TextEncoder().encode(text);
  const hash = await crypto.subtle.digest('SHA-1', data);
  return Array.from(new Uint8Array(hash))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}

await sha1('Hello, World!');
// → '0a0a9f2a6772942557ab5355d76af442f8f65e01'
// ⚠️ SHA-1 is broken — use SHA-256 for new work.

SHA-1 Examples

Look up a Git commit fingerprint

tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904
author A Dev <dev@example.com> 1716854400 +0000
committer A Dev <dev@example.com> 1716854400 +0000

Initial commit

Git stores every commit as a blob whose SHA-1 is computed from the commit header plus contents in exactly this format. The 40-character hex string that `git log` shows is a direct SHA-1 fingerprint. Paste the raw commit object text here to reproduce the same hash — useful when debugging `git cat-file` output or verifying a mirror repository hasn't tampered with history. Note: Git 2.29+ supports SHA-256 mode (git init --object-format=sha256), and GitHub's object store will eventually migrate. For new repositories, prefer SHA-256 mode.

Verify a legacy TLS certificate fingerprint

-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAKlL...
-----END CERTIFICATE-----

Before 2017, browsers displayed certificate fingerprints as 40-character SHA-1 hex strings. CAs stopped issuing SHA-1-signed certificates in January 2016, and all major browsers removed support by early 2017. If you are auditing an old internal certificate or validating a legacy IoT device, paste the PEM body here to reproduce the SHA-1 fingerprint for comparison. Modern workflows use the 64-character SHA-256 fingerprint instead.

Old software download verification

node-v0.12.7-linux-x64.tar.gz

Some older software archives still only publish a SHA-1 checksum alongside the download. While this provides basic corruption detection (not tamper detection), it is still better than no checksum at all. Use the File tab to drop the archive in, compute the SHA-1, then compare it against the publisher's posted value. If SHA-256 is also available, always prefer that. For new archives, insist on SHA-256 or SHA-512 checksums.

SHAttered collision demonstration

(Paste the Google/CWI shattered-1.pdf file content via the File tab)

In February 2017 Google and CWI Amsterdam released the SHAttered attack — the first practical SHA-1 collision. They produced two different PDF files (shattered-1.pdf and shattered-2.pdf) that hash to the identical SHA-1 value: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a. Dropping either PDF into this tool's File tab produces that exact hash, proving the collision is real. This demonstration is the clearest evidence of why SHA-1 is broken: two different documents with the same fingerprint means the fingerprint is no longer a reliable identity. Use SHA-256 for all new document integrity workflows.

How to Generate SHA-1 Hashes

  1. 1

    Paste text or drop a file

    Select the Text tab and paste any string — a commit message, certificate body, or legacy checksum input — into the input area. The SHA-1 hash updates as you type. For files, switch to the File tab and drag any file into the dropzone; the browser hashes it locally without any upload.

  2. 2

    Copy the 40-character hash

    Click the Copy button next to the hash output. The full 40-character lowercase hex string goes to your clipboard. Use the Uppercase toggle if your legacy system expects uppercase hex — some old tools and Windows APIs default to uppercase.

  3. 3

    Compare against a legacy fingerprint

    Switch to the Compare tab and paste two SHA-1 hashes side by side to confirm they match. Useful for validating a legacy publisher checksum, auditing a mirrored Git repository, or checking an old TLS certificate fingerprint from a document that predates SHA-256 adoption.

Technical Details

Algorithm: Merkle-Damgård construction, 80 rounds
SHA-1 processes input in 512-bit (64-byte) blocks, applying 80 rounds of bitwise operations grouped into four 20-round stages, each with a different logical function (Ch, Parity, Maj, Parity) and additive constant derived from square roots of small integers. The initial hash state is five 32-bit words (A–E), and the final hash is the concatenation of those words after the last block. Implementation defined in FIPS 180-1 (1995), superseded by FIPS 180-4 (2015) which formally includes deprecation language.
Output: 160 bits, 40 hex characters
Always exactly 40 lowercase hexadecimal characters (160 bits = 20 bytes, encoded as 2 hex chars per byte). The output length is fixed regardless of input size. Compared to SHA-256's 64 chars, the shorter output provides fewer bits of collision resistance — a key factor in why SHA-1 was broken before SHA-256.
Performance: fast but that is part of the problem
SHA-1 is fast — typically 400–700 MB/s in a browser using Web Crypto, competitive with SHA-256. For an attacker, this speed is an asset: a modern GPU cluster can compute billions of SHA-1 hashes per second, accelerating brute-force and collision searches. Speed is why SHA-1 (like MD5) must never be used for password storage — use bcrypt, scrypt, or Argon2 instead.
Standards: FIPS 180-1 (1995) — deprecated in FIPS 180-4 context
SHA-1 was standardized in FIPS 180-1 (1995), replacing the flawed SHA-0. NIST deprecated SHA-1 for digital signatures in NIST SP 800-131A (2011) and in FIPS 186-5 (2023) formally disallowed it for all digital signature generation. RFC 6194 (2011) documented known security considerations. The W3C WebCrypto API still includes SHA-1 for legacy interoperability reasons, which is how this browser tool can compute it.

Best Practices

Never use SHA-1 for security-sensitive operations
SHA-1 is deprecated for digital signatures, TLS certificates, code signing, password storage, and any workflow where collision resistance matters. The 2017 SHAttered attack demonstrated practical collisions. For all security uses, migrate to SHA-256 or SHA-3. The cost difference is negligible on modern hardware — SHA-256 is hardware-accelerated in all current CPUs and GPU pipelines.
SHA-1 for legacy fingerprint lookup is acceptable
If you need to verify a pre-2017 file checksum, look up a Git commit ID, or inspect an old certificate fingerprint for audit purposes, SHA-1 is appropriate. The hash itself is not being used to make a trust decision — you are just reproducing a known fingerprint for cross-reference. Document this explicitly in your audit logs: 'SHA-1 used for legacy reference only, not for security validation.'
Always hash UTF-8 bytes, not Unicode code points
SHA-1, like all hash algorithms, operates on bytes, not characters. The same string encoded as UTF-8 vs UTF-16 produces different hashes. This tool always encodes input as UTF-8 without BOM before hashing. If you need to match a system that uses a different encoding (Windows UTF-16-LE, Latin-1), you must pre-encode the input externally before comparing hashes.
Use constant-time comparison when verifying hashes in code
If you compare two SHA-1 hashes in code, use a constant-time equality check — Node.js crypto.timingSafeEqual(), Python hmac.compare_digest() — rather than naive string equality (=== or ==). Naive comparison leaks timing information that can theoretically allow an attacker to reconstruct the expected hash byte-by-byte. This is a defense-in-depth measure even for legacy SHA-1 verification.

SHA-1 FAQ

Is SHA-1 still safe to use?
No. SHA-1 was theoretically weakened in 2005, and in February 2017 Google and CWI Amsterdam demonstrated the first practical collision via the SHAttered attack — two different PDF files with identical SHA-1 hashes. NIST deprecated SHA-1 for digital signatures in 2011 (NIST SP 800-131A) and all major browsers and Certificate Authorities stopped accepting SHA-1 certificates by 2017. SHA-1 is broken for any security-sensitive use: signatures, certificates, password storage. For all new work, switch to SHA-256.
Why does Git still use SHA-1?
Git uses SHA-1 for object IDs (commit hashes, tree hashes, blob hashes) because it was designed in 2005 when SHA-1 was still widely trusted. Git's use is not a cryptographic signature — it is a content-addressing scheme used to detect accidental corruption, not deliberate tampering. The Git project has been migrating since Git 2.29 (2020), which added --object-format=sha256 support. GitHub and large forges are gradually rolling out SHA-256 mode. Existing repositories can be converted, but the migration is complex due to the billions of existing commit IDs. For now, SHA-1 commit IDs remain how most Git history is stored, making this tool useful for cross-checking commit object hashes.
Should I migrate from SHA-1 to SHA-256?
Yes, for any security-sensitive system. Concrete migration checklist: (1) TLS certificates — if you still have SHA-1-signed certs, replace them immediately; CAs will not issue new ones anyway. (2) API signatures and HMACs — replace with HMAC-SHA-256. (3) Password hashes stored as SHA-1 — migrate to bcrypt or Argon2. (4) Document or package checksums — republish with SHA-256 alongside or replacing SHA-1. (5) Git repositories — opt into SHA-256 mode for new repos if your toolchain supports it. Legacy checksums on archived downloads can remain as-is since they only need to detect accidental corruption.
What was the SHAttered attack?
SHAttered (shattered.io, February 2017) was a practical SHA-1 collision produced by Google Security and CWI Amsterdam. The attack cost approximately 110 GPU-years of computation (~$110,000 USD at 2017 cloud prices) and produced two distinct PDF files that produce the same SHA-1 hash: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a. This shattered the assumption that SHA-1 collisions were only theoretical. The attack works by exploiting a differential path in SHA-1's compression function. By 2020, the cost of a chosen-prefix SHA-1 collision had dropped to ~$45,000. Contrast with SHA-256, for which no collision of any kind has ever been found.
Can SHA-1 collisions happen accidentally?
Accidentally stumbling on a SHA-1 collision without deliberate effort is still astronomically unlikely — there are 2^160 possible SHA-1 values, so random collision probability is roughly 1 in 10^24 for any two given inputs. The danger is adversarial: a determined attacker can now craft a collision for around $45,000. Accidental corruption of Git history is not a realistic threat from SHA-1 weakness. The real risk is in digitally signed documents, certificates, and code-signing workflows where an attacker could substitute a malicious document with the same hash as a trusted one.
Is SHA-1 OK for non-security uses like checksums?
For detecting accidental data corruption — a garbled download, a flipped bit on disk — SHA-1 is technically still adequate, since accidental collisions are still essentially impossible. However, there is little reason to use SHA-1 even for non-security checksums today, because SHA-256 is only marginally slower (hardware-accelerated in all modern CPUs), universally supported, and future-proof. The only legitimate reason to use SHA-1 now is interoperability with a legacy system that only accepts 40-character hex fingerprints.
How long is a SHA-1 hash?
A SHA-1 hash is always exactly 160 bits, represented as 40 hexadecimal characters (2 hex chars per byte × 20 bytes). The output length is fixed regardless of input size — hashing a single character or a 10 GB file both produce exactly 40 hex chars. Compare: MD5 produces 32 hex chars (128 bits), SHA-256 produces 64 hex chars (256 bits), and SHA-512 produces 128 hex chars (512 bits). The shorter output relative to SHA-256 is one reason SHA-1's collision resistance is weaker — fewer possible values means collisions are statistically easier to find.
Is my input sent to any server?
No. SHA-1 is computed entirely in your browser using the Web Crypto API (crypto.subtle.digest('SHA-1', data)). Open DevTools → Network tab while hashing — you will see zero outgoing requests. Files you drop in are read via the FileReader API and hashed locally; the bytes never leave your machine. This makes the tool safe for hashing confidential documents, legacy certificates, or proprietary source code fingerprints. The same privacy guarantee applies to the SHA-256 generator.
Why does my SHA-1 output differ from sha1sum on the command line?
Almost always a trailing newline. The shell command echo 'hello' | sha1sum includes a newline (\n) after 'hello', so it hashes 'hello\n' not 'hello'. Use echo -n 'hello' | sha1sum or printf '%s' 'hello' | sha1sum to strip it. Other common causes: Windows line endings (\r\n vs \n), UTF-8 BOM at the start of the file, or encoding differences (UTF-8 vs Latin-1). This tool encodes input as UTF-8 without BOM before hashing.

Related Tools

View all tools →

JWT Decoder

Security Tools

Decode JWT tokens online with our free JWT decoder. Instantly inspect header, payload, signature, expiration, algorithm, and claims. 100% browser-based — your token never leaves your device. No signup, no tracking.

MD5 Hash Generator & File Checksum Tool

Security Tools

Generate MD5, SHA-256, SHA-1 & SHA-512 hashes online for free. Hash text or files in your browser, verify checksums and copy results. No signup needed.

Random Password Generator — Customizable, Strong & Secure

Security Tools

Generate strong random passwords instantly — free, 100% in your browser. Customize length & characters, batch up to 50 with entropy analysis.

SHA-256 Hash Generator & Checksum Tool

Security Tools

Generate SHA-256 hashes online for free. Hash text or files in your browser, verify checksums, and copy 64-character hex output. No signup; data never leaves the page.

SHA-3 Hash Generator (Keccak SHA3-256)

Security Tools

Generate SHA-3 hashes online free. NIST FIPS 202 sponge construction — the post-SHA-2 standard. SHA3-256 output in 64 hex chars. Browser-only via lazy-loaded js-sha3; zero uploads.

SHA-384 Hash Generator (TLS Suite B Hash)

Security Tools

Generate SHA-384 hashes online — 96-character hex output, length-extension immune, NSA Suite B compliant. Paired with AES-256-GCM in TLS. All hashing runs in your browser via Web Crypto API.