SHA-1 Hash Generator
Generate a SHA-1 hash from any text in your browser — free, instant and private. Files and text never leave your device.
100% in your browser — your text never leaves your device.
How to generate a SHA-1 hash
- Type or paste your text into the box above.
- The SHA-1 hash updates instantly as you type — nothing is uploaded.
- Click Copy to copy the hash to your clipboard.
What is SHA-1?
SHA-1 (Secure Hash Algorithm 1) takes any amount of text and produces a fixed 160-bit fingerprint, shown here as 40 hexadecimal characters. Published in 1995, it succeeded MD5 as the standard hash for TLS, code-signing and version control before practical collision attacks pushed the industry toward SHA-256.
Hashing is one-way, not encryption. Encryption is reversible with the right key; hashing is not reversible at all. A SHA-1 hash cannot be decrypted back into the original text — it can only be compared against other hashes to check for a match.
When to use SHA-1 (and when not to)
- Good for — working with legacy systems (like older Git objects) that still reference SHA-1 hashes, or non-adversarial checksums where compatibility matters more than collision-resistance.
- Not for — new certificates, signatures, passwords, or any system where an attacker might try to forge a matching input. Use SHA-256 instead.
Related tools
- SHA-256 hash generator — the modern, collision-resistant standard.
- MD5 hash generator — an even older, shorter checksum hash.
- SHA-512 hash generator — a longer digest for stronger integrity guarantees.
Frequently asked questions
- Is my text uploaded to a server?
- No. SHA-1 is computed entirely in your browser via the Web Crypto API. Your text never leaves your device, so it is safe to hash private notes, tokens or file contents here.
- What is SHA-1 used for today?
- SHA-1 still appears in older Git commit hashes, legacy TLS certificates and some checksum tooling, but it has been phased out of new security-sensitive systems in favor of SHA-256.
- Is SHA-1 secure?
- No. Practical collision attacks against SHA-1 were demonstrated in 2017 (the "SHAttered" attack), and major browsers and certificate authorities have since deprecated it. For anything security-sensitive, use SHA-256 or stronger instead.
- How is SHA-1 different from MD5?
- Both are older hash functions with known weaknesses, but SHA-1 produces a longer 160-bit digest (40 hex characters) versus MD5's 128 bits (32 hex characters), and SHA-1 is somewhat more resistant to brute-force collision attacks than MD5, though still broken for security use.
- Can I reverse a SHA-1 hash back into the original text?
- No. Hashing only goes one way — there is no operation that turns the 40-character hex output back into your original input. It exists to prove two pieces of text match, not to store or recover the text itself.
- Why does changing one character completely change the hash?
- This is called the avalanche effect: SHA-1 is designed so that even a one-bit change in the input flips roughly half the bits in the output. That makes the hash useless for spotting "similar" text — it only tells you whether two inputs are identical or not.
- Why is my SHA-1 hash always 40 characters?
- SHA-1 always produces a 160-bit digest, displayed as 40 hexadecimal characters, regardless of how much text you hash — one word or an entire document both produce the same fixed-length output.