Text to hash
SHA-1 Hash

About the SHA-1 Hash Generator

What is a SHA-1 hash?

SHA-1 produces a 160-bit fingerprint, shown as 40 hexadecimal characters, from any text or file. For years it was the default hash across the web, and it still appears everywhere: Git uses it to identify commits, and many older systems and protocols rely on it.

Like MD5, SHA-1 is no longer safe against deliberate attacks: a real-world collision was demonstrated in 2017, so it must not be used for digital certificates, signatures or anything security-critical. It is still fine for non-adversarial integrity checks and for interoperating with systems that require it. Everything is computed locally in your browser using the built-in Web Crypto API, so nothing you enter is transmitted anywhere.

How to Use This Tool

  1. Enter your input. Type or paste text on the Text tab, or switch to the File tab and drop in a file. The SHA-1 hash appears instantly.
  2. Choose the output. Switch between hexadecimal and Base64, and pick upper or lowercase hex.
  3. Verify a checksum. Paste a hash you were given into the compare box and the tool tells you instantly whether it matches.
  4. Copy the result. One click copies the SHA-1 hash to your clipboard.

Common Use Cases

  • Git and version control: Git identifies every commit, tree and blob by its SHA-1, so you may need one to match an object.
  • Integrity checks: verify a file or message matches a SHA-1 published elsewhere.
  • HMAC-SHA1 signatures: some APIs (including older AWS request signing) authenticate requests with HMAC-SHA1; switch on HMAC mode and add the key.
  • Legacy compatibility: systems that predate SHA-256 often expect SHA-1, and this produces a matching value.

Frequently Asked Questions

Is SHA-1 still safe to use?

Not for security. A practical collision attack against SHA-1 was published in 2017, so it is unsuitable for TLS certificates, code signing or any use where an attacker could benefit from forging a match. For non-adversarial integrity checks and for talking to systems that still require SHA-1, it works fine.

Why does Git use SHA-1?

Git uses SHA-1 as a content identifier, not as a security measure: every commit and file is named by its hash so Git can detect changes and deduplicate content. Because the threat model is accidental corruption rather than a malicious forger, SHA-1 remains practical there, though Git is gradually moving toward SHA-256.

How long is a SHA-1 hash?

SHA-1 is 160 bits, written as 40 hexadecimal characters or 28 characters in Base64. The output length is fixed regardless of the input size.

What is HMAC-SHA1?

HMAC-SHA1 combines SHA-1 with a secret key to produce a keyed hash that proves both integrity and authenticity. It is still used by some APIs for request signing. Enable HMAC mode above and enter the shared secret to generate one.

SHA-1 vs SHA-256, which should I choose?

For anything new, choose SHA-256. Only use SHA-1 when an existing system explicitly requires it. SHA-256 is not meaningfully slower for everyday use and has no known practical weaknesses.

Can I hash a file with SHA-1?

Yes. Use the File tab to drop in any file; it is hashed locally in your browser and produces the same value as a command-line sha1sum.