What Is SHA-1?

Quick Answer

SHA-1 is a hash function that produces a 40-character hexadecimal digest. It was designed by the NSA and published as a U.S. federal standard in 1995. In 2017, a practical collision attack was demonstrated, which ended its use in certificates, signatures, and any security-sensitive context.

If you need a SHA-1 hash right now, use the tool directly.

What Is SHA-1?

SHA-1 stands for Secure Hash Algorithm 1. It takes any input and produces a fixed 160-bit digest: always 40 hexadecimal characters, regardless of whether your input is a single character or a 10 GB file.

Like all hash functions, SHA-1 is deterministic and one-way. Feed it the same input and you get the same output every time. Feed it anything different (even changing one character) and you get a completely different output. The string "hello" produces aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d. "Hello" produces f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0.

SHA-1 was designed as the successor to SHA-0 (which had a flaw the NSA corrected but never disclosed publicly) and as an upgrade from MD5. For over a decade it was the standard algorithm for digital signatures, SSL certificates, and code integrity. That changed in 2017.

The SHAttered Attack

In February 2017, researchers from CWI Amsterdam and Google announced they had produced two different PDF files with identical SHA-1 hashes. They called the attack SHAttered. It was the first practical SHA-1 collision.

The attack required roughly 9.2 × 10¹⁸ SHA-1 computations: expensive, but achievable with enough computing power. More importantly, it proved the attack was real and not theoretical. Within weeks, all major certificate authorities stopped issuing SHA-1 certificates, and browsers marked existing SHA-1 sites as untrusted.

NIST had actually deprecated SHA-1 in 2011, six years earlier, which is why the transition was relatively fast once the collision landed. Git, which used SHA-1 for object IDs since its inception, added collision detection shortly after and began its own migration toward SHA-256.

Where SHA-1 Still Appears

SHA-1 still shows up in places where the security model doesn't depend on collision resistance:

• Git object IDs, Each commit, file, and tree in a Git repository has a SHA-1 identifier. This is for integrity and deduplication, not for resisting adversarial attacks. Git's built-in collision detection and the new SHA-256 transition path address the theoretical risk.
• HMAC-SHA1: The HMAC construction (keyed hashing) is more resilient to collision attacks because it requires a secret key. HMAC-SHA1 remains in active use in TOTP authenticators (RFC 6238), which is what most two-factor authentication apps implement.
• Legacy checksums: Older software distributions and mirrors publish SHA-1 checksums. They detect accidental corruption, not deliberate tampering.
• Internal systems: Content-addressable storage and cache keys in systems that predate the SHA-2 migration and haven't been updated yet.

Common Mistakes

Related Tools

• SHA-256 Hash Generator: The current standard for new security applications.
• MD5 Hash Generator: An older 128-bit digest with similar legacy use cases.