SHA-1 Hash Generator

How to Use the SHA-1 Hash Generator

The SHA-1 Hash Generator produces a 160-bit (40-character hexadecimal) hash from text or file input. While SHA-1 has been deprecated for security-critical applications since 2017, it remains useful for checksums, Git commit hashes, and legacy system compatibility. Understanding SHA-1 and its limitations is important for anyone working with older systems or studying cryptographic history.

Deprecation Warning

SHA-1 is considered cryptographically broken since Google and CWI Amsterdam demonstrated a practical collision attack called SHAttered in 2017. This attack proved that two different PDF files could produce the same SHA-1 hash, undermining the fundamental property that hash functions must provide. As a result, major browsers and certificate authorities no longer accept SHA-1 for SSL/TLS certificates, and NIST has formally deprecated it for digital signature applications.

Text and File Hashing

Enter text or drag a file to generate its SHA-1 hash. The computation runs entirely in your browser using the Web Crypto API. Despite deprecation for security use, SHA-1 remains fast and widely supported across all platforms and programming languages.

The SHAttered Collision Attack

The SHAttered attack required approximately 2^63 SHA-1 computations, equivalent to 6,500 years of single-CPU computation or roughly 110 years of single-GPU computation. While this was enormously expensive when first demonstrated, the cost continues to decrease as hardware improves. In 2020, researchers further demonstrated a chosen-prefix collision attack against SHA-1, making attacks even more practical. These advances confirm that SHA-1 should not be trusted for any security-sensitive application.

Where SHA-1 Is Still Used

Git uses SHA-1 for commit identifiers and object hashing, though the Git project has been transitioning to SHA-256. Many legacy systems, older APIs, and package managers still require SHA-1 checksums for backward compatibility. It is also used in some non-cryptographic deduplication and caching systems where collision resistance against a determined attacker is not critical. HMAC-SHA1 remains secure for message authentication because HMAC's security does not depend on collision resistance.

Migrating to SHA-256

If you are currently using SHA-1 in your applications, migrating to SHA-256 is straightforward in most cases. SHA-256 is supported by the same libraries and APIs that support SHA-1, including the Web Crypto API used by this tool. The main consideration is that SHA-256 produces a 64-character hex string instead of 40 characters, so database columns and validation logic may need updating. The performance difference is negligible for most use cases.

Frequently Asked Questions

Q: Why is SHA-1 deprecated?

A: In 2017, researchers from Google and CWI Amsterdam demonstrated a practical collision attack called SHAttered, proving that two different PDF files could produce the same SHA-1 hash. This makes SHA-1 unsuitable for digital signatures and certificates.

Q: Can I still use SHA-1 for checksums?

A: For non-security checksums like verifying file transfers where an attacker is not actively trying to create collisions, SHA-1 is still functional. However, SHA-256 is recommended as a better default choice for all new projects.

Q: What is the length of a SHA-1 hash?

A: SHA-1 produces a 160-bit hash, displayed as a 40-character hexadecimal string.

Q: Why does Git still use SHA-1?

A: Git adopted SHA-1 in 2005 when it was still considered secure. Changing the hash function in a distributed version control system is a massive undertaking because every repository stores SHA-1 hashes as part of its history. The Git project has been working on SHA-256 support since 2018, and newer versions support SHA-256 as an optional object format. The transition is gradual to maintain backward compatibility.

Q: Is HMAC-SHA1 also broken?

A: No. HMAC-SHA1 is not directly affected by collision attacks because HMAC's security relies on the hash function's pseudorandom properties, not its collision resistance. HMAC-SHA1 is still considered secure for message authentication, though HMAC-SHA256 is preferred for new implementations.