What is SHA-1?
SHA-1 (Secure Hash Algorithm 1) was designed by the NSA and published in 1995. It produces a 160-bit digest shown as 40 hexadecimal characters. For years it was used in TLS certificates, Git and digital signatures. Today SHA-1 is considered broken: in 2017 researchers produced a real-world collision (the SHAttered attack), and browsers and certificate authorities have deprecated it. Use SHA-1 only for non-security purposes such as checksums or compatibility with legacy systems — for anything security-related, use SHA-256 or SHA-3.
Deprecated for security: a practical SHA-1 collision was demonstrated in 2017. Do not use it for certificates or signatures — use SHA-256. This tool runs entirely in your browser.
How SHA-1 works
SHA-1 builds a 160-bit digest with the Merkle–Damgård construction:
- Padding — the message is padded and its length is appended, so that the total is a multiple of 512 bits.
- Blocks — it is split into 512-bit blocks, each expanded into eighty 32-bit words.
- Compression — five 32-bit working variables are updated over 80 rounds of bitwise functions, rotations and constants.
- Output — the final five variables are concatenated into 160 bits, shown as 40 hexadecimal characters.
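The four steps above as a from-scratch Python implementation, added here as an example and not the tool's own code. The function names are assumptions; the initial values and round constants are the ones fixed by the SHA-1 specification (FIPS 180-4), and the results are checked against this page's Examples table and against `hashlib`.

```python
import hashlib
import struct

def _rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1_hex(message: bytes) -> str:
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    # Padding: 0x80, zeros up to 56 mod 64 bytes, then the bit length (64-bit big-endian).
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    padded += struct.pack(">Q", len(message) * 8)
    # Blocks: 64 bytes (512 bits) at a time, sixteen words expanded to eighty.
    for off in range(0, len(padded), 64):
        w = list(struct.unpack(">16I", padded[off:off + 64]))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        # Compression: 80 rounds in four groups of 20, each with its own function and constant.
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            tmp = (_rotl(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF
            a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    # Output: five 32-bit variables concatenated as 40 hex characters.
    return "".join(f"{x:08x}" for x in h)

# Test vectors copied from the Examples table on this page.
PAGE_VECTORS = {
    b"hello": "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d",
    b"abc": "a9993e364706816aba3e25717850c26c9cd0d89d",
    b"password": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
    b"": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
}

def self_check() -> bool:
    """Check the page's table, then constructed inputs at padding boundaries against hashlib."""
    if any(sha1_hex(m) != d for m, d in PAGE_VECTORS.items()):
        return False
    return all(sha1_hex(bytes(range(n))) == hashlib.sha1(bytes(range(n))).hexdigest()
               for n in (55, 56, 63, 64, 65, 119, 120))
```

The boundary lengths matter because a 55-byte message still fits in one padded block, while a 56-byte message forces a second block that holds only padding and the length field.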
How to use
- Type or paste your text into the input box.
- The SHA-1 hash is calculated automatically as you type.
- Choose your output encoding (Hex or Base64) if needed.
- Click Copy to copy the digest to your clipboard.
Examples
| Input | SHA-1 hash |
|---|---|
| hello | aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d |
| abc | a9993e364706816aba3e25717850c26c9cd0d89d |
| password | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 |
| (empty string) | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
Options explained
- Output encoding — Show the digest as lowercase or uppercase Hex, or as Base64.
- Input encoding — Choose how your text is read into bytes (UTF-8 by default; UTF-16, Hex, Base64 and other charsets).
- HMAC — Enable HMAC-SHA1 with a secret key for keyed message authentication (still used in some legacy APIs and TOTP).
Common uses
- Legacy compatibility — systems and protocols that still require SHA-1.
- Git object IDs — historically used for content addressing (not security).
- Non-security checksums — quick fingerprinting where collisions are not a threat.
- HMAC-SHA1 — still used by some older APIs and one-time-password (TOTP) schemes.
Frequently asked questions
Is SHA-1 still safe?
No. A practical collision was demonstrated in 2017, so SHA-1 must not be used for certificates, signatures or security.
How long is a SHA-1 hash?
160 bits — 40 hexadecimal characters.
Why does Git use SHA-1?
Git used SHA-1 for content addressing (not security) and is moving toward SHA-256.
What should I use instead of SHA-1?
SHA-256 (SHA-2) or SHA-3 for secure hashing.