SHA-1 Hash Generator

What is SHA-1?

SHA-1 (Secure Hash Algorithm 1) was published by NIST in 1995 and produces a 160-bit (40 hex character) digest. It was the dominant cryptographic hash function for over a decade and is still used internally by tools like Git for commit and object identifiers.

Why SHA-1 is deprecated

In 2017, the Google/CWI SHAttered attack demonstrated the first practical SHA-1 collision; in 2020 chosen-prefix collisions dropped to roughly $45k of cloud compute. NIST has formally deprecated SHA-1 for digital signatures and major browsers and certificate authorities removed support years ago. Do not use SHA-1 for any new security-sensitive purpose.

When SHA-1 is still OK

SHA-1 remains acceptable for non-adversarial integrity checks and compatibility with legacy systems: Git commit hashes, older package checksums, fingerprinting where collision resistance is not the threat model. For anything else — signing, password storage, content addressing under adversarial conditions — use SHA-256 or SHA-512.