SHA1 Generator
SHA1 Generator produces a 160-bit SHA-1 digest from any text, shown as 40 lowercase hex characters. It recomputes as you type using the browser's native Web Crypto API — your data stays on your device.
SHA-1 is still common in legacy systems and Git object IDs, but it is no longer collision-resistant. Treat it as a fingerprint for compatibility, not as a security guarantee.
How to use SHA1 Generator
- 1
Enter your text
Type or paste any string. It is encoded as UTF-8 before hashing.
- 2
Read the digest
The 40-character hex SHA-1 appears instantly with input character and byte counts.
- 3
Copy the result
Optionally switch to uppercase hex, then copy the digest with one click.
What is SHA-1?
SHA-1 (Secure Hash Algorithm 1) is a 1995 NSA-designed hash that outputs a 160-bit value as 40 hex characters. For years it was the default for TLS certificates, Git commits and many integrity checks.
Like all hash functions it is deterministic and avalanching: identical input gives identical output, and a tiny change scrambles the whole digest.
When (not) to use it
In 2017 the SHAttered research demonstrated a real-world SHA-1 collision, and cheaper chosen-prefix collisions followed. As a result, browsers and certificate authorities have fully deprecated SHA-1 for signatures and TLS.
Today SHA-1 is appropriate only for non-adversarial fingerprinting and compatibility with existing systems (for example reading Git object hashes). For new security work choose SHA-256 or SHA-512, and for passwords use bcrypt — never a raw SHA hash.
Frequently asked questions
- How long is a SHA-1 hash?
- 160 bits, shown as 40 hexadecimal characters, for any length of input.
- Is SHA-1 still safe to use?
- Not for security. Practical collisions exist, so SHA-1 is deprecated for signatures and certificates. It remains usable as a non-security checksum or fingerprint.
- Does this run on a server?
- No. The hash is computed locally with the Web Crypto API, so nothing is transmitted.
Last updated: