Text

SHA-1 Hash Generator

Calculate the SHA-1 hash of any string instantly in your browser. SHA-1 produces a 160-bit hash, but a collision was demonstrated by the SHAttered attack in 2017, making it unsuitable for new applications.

SHA-1

Tips

  • SHA-1 (Secure Hash Algorithm 1) was designed by the NSA and standardized by NIST in 1995. It produces a 160-bit hash represented as 40 hexadecimal characters.
  • In 2017, Google and CWI Amsterdam published the SHAttered attack, producing two different PDF files with identical SHA-1 hashes — definitively ending SHA-1's credibility for security use.
  • Major browsers have treated SHA-1 signatures in SSL/TLS certificates as invalid since 2017. Git has historically used SHA-1 for commit identification and is now migrating to SHA-256.
  • You may still encounter SHA-1 in Git commit hashes, but since Git does not rely on hashes for security guarantees, the practical impact remains limited for now.
  • For any new system design, choose SHA-256 or stronger instead of SHA-1.

Side Note — SHAttered: A Collision Attack 9.2 Quintillion Operations in the Making

In February 2017, Google and CWI Amsterdam announced the "SHAttered" collision attack. Producing two different PDFs with the same SHA-1 hash required a computation equivalent to running 99,000 CPU cores on Google Cloud Platform for more than two years.

The moment SHA-1 moved from "theoretically breakable" to "actually broken." GitHub, Google, and other major services immediately accelerated the deprecation of SHA-1 dependencies. Git formally launched a migration plan to SHA-256 for commit identification.

Despite being "broken," SHA-1 implementations remain in use worldwide. Embedded devices and legacy enterprise systems are notoriously difficult to update, making the full retirement of SHA-1 an ongoing industry-wide challenge.

More tools in this category