Compute secure SHA-1 checksum hashes for any text string. Verify checksum integrity locally.
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function producing 160-bit (20-byte, 40-hexadecimal character) digests, designed by the NSA and published by NIST in 1995. While SHA-1 has been cryptographically broken for new security applications — practical collision attacks were demonstrated by Google's SHAttered research in 2017 — it remains widely used for non-security applications: Git's object addressing, legacy file checksums, and SSH fingerprints in older configurations.
SHA-1 produces a compact 40-character hex digest and runs faster than SHA-256 on older hardware without SHA-NI acceleration. This generator computes SHA-1 hashes locally in your browser using the SubtleCrypto API, useful for verifying legacy checksums, computing Git-compatible object identifiers, and understanding the relationship between input changes and hash output changes.
Git uses SHA-1 as the content-addressable storage key for all objects in its repository database: commits, trees, blobs (file contents), and tags. Each Git object's SHA-1 hash is computed from its type, size, and content. This design allows Git to deduplicate identical content (same content = same hash), detect corruption (hash verifies integrity), and distribute objects peer-to-peer (objects are addressed by content, not location).
Git's use of SHA-1 for object addressing (not security) continued despite SHA-1's collision vulnerabilities because Git uses SHA-1 as a content-addressable hash, not as a security primitive — the risk of a collision attack in a Git repository requires an attacker to control committed content, which has other security controls. Nevertheless, Git 2.29+ added support for SHA-256 as an alternative hash function for new repositories (the experimental object format v1).
The SHAttered attack (2017) by a team from Google and CWI Amsterdam demonstrated the first real-world SHA-1 collision: two different PDF files with identical SHA-1 hashes. This attack required approximately 9.2 × 10^18 SHA-1 computations — enormous but feasible for well-funded adversaries. The attack specifically targets the collision resistance property; pre-image resistance (finding an input for a specific hash) remains computationally infeasible.
NIST formally deprecated SHA-1 for digital signatures in 2011 and prohibited its use in federal applications by 2014. Modern TLS certificates using SHA-1 signatures are rejected by all major browsers. Software integrity verification, digital signatures, and authentication systems must use SHA-256 or stronger. SHA-1 is acceptable only where collision resistance is not a security requirement: non-security checksums, legacy system compatibility, and academic exploration.
SHA-1 is broken for collision resistance — practical attacks exist that can generate two different inputs with the same SHA-1 hash. Do NOT use SHA-1 for: digital signatures (certificates, code signing), password hashing, or security-sensitive integrity verification. SHA-1 remains acceptable for: non-security checksums, legacy system compatibility, Git object addressing (where the collision risk model differs), and learning about hash functions.
The SHAttered attack (2017, by Google and CWI Amsterdam) produced the first documented real-world SHA-1 collision: two different PDF files (a legitimate contract and a fraudulent contract with different content) that share the same SHA-1 hash. This took approximately 110 GPU-years of computation. An attacker could use this to substitute a fraudulent document for a legitimate one while preserving the SHA-1 signature — a catastrophic vulnerability for signature-based trust.
SHA-1 produces a 160-bit (20-byte) binary digest, conventionally displayed as 40 lowercase hexadecimal characters. Each byte becomes two hex characters (00-ff). The hex string contains only characters 0-9 and a-f. Some systems prefix SHA-1 hashes with 'sha1:' for clarity. Git displays only the first 7-10 characters of the 40-character hash as an abbreviated reference.
SHA-1 processes 512-bit blocks through 80 rounds (vs SHA-256's 64 rounds with larger state words). SHA-1 uses 160-bit state (five 32-bit words) vs SHA-256's 256-bit state (eight 32-bit words). SHA-256 uses a more sophisticated message expansion and round constants derived from the first 64 prime numbers. SHA-256 provides 128 bits of security vs SHA-1's theoretical (now practically broken) 80 bits.
No — SHA-1 retains pre-image resistance (given a hash H, finding any input M with SHA-1(M)=H). Only collision resistance is broken (finding two inputs M₁≠M₂ with SHA-1(M₁)=SHA-1(M₂)). Short predictable inputs (short passwords, common words) can be cracked via rainbow tables regardless — they're the same precomputed dictionary attacks that apply to any hash function, not exploitation of SHA-1's specific weakness.