Hash Tools

SHA-1 Hash Generator

Generate a SHA-1 hash from any text in your browser — free, instant and private. Files and text never leave your device.

100% in your browser — your text never leaves your device.

SHA-1 hash
Start typing above to see the SHA-1 hash.

How to generate a SHA-1 hash

  1. Type or paste your text into the box above.
  2. The SHA-1 hash updates instantly as you type — nothing is uploaded.
  3. Click Copy to copy the hash to your clipboard.

What is SHA-1?

SHA-1 (Secure Hash Algorithm 1) takes any amount of text and produces a fixed 160-bit fingerprint, shown here as 40 hexadecimal characters. Published in 1995, it succeeded MD5 as the standard hash for TLS, code-signing and version control before practical collision attacks pushed the industry toward SHA-256.

Hashing is one-way, not encryption. Encryption is reversible with the right key; hashing is not reversible at all. A SHA-1 hash cannot be decrypted back into the original text — it can only be compared against other hashes to check for a match.

When to use SHA-1 (and when not to)

  • Good for — working with legacy systems (like older Git objects) that still reference SHA-1 hashes, or non-adversarial checksums where compatibility matters more than collision-resistance.
  • Not for — new certificates, signatures, passwords, or any system where an attacker might try to forge a matching input. Use SHA-256 instead.

Related tools

Frequently asked questions

Is my text uploaded to a server?
No. SHA-1 is computed entirely in your browser via the Web Crypto API. Your text never leaves your device, so it is safe to hash private notes, tokens or file contents here.
What is SHA-1 used for today?
SHA-1 still appears in older Git commit hashes, legacy TLS certificates and some checksum tooling, but it has been phased out of new security-sensitive systems in favor of SHA-256.
Is SHA-1 secure?
No. Practical collision attacks against SHA-1 were demonstrated in 2017 (the "SHAttered" attack), and major browsers and certificate authorities have since deprecated it. For anything security-sensitive, use SHA-256 or stronger instead.
How is SHA-1 different from MD5?
Both are older hash functions with known weaknesses, but SHA-1 produces a longer 160-bit digest (40 hex characters) versus MD5's 128 bits (32 hex characters), and SHA-1 is somewhat more resistant to brute-force collision attacks than MD5, though still broken for security use.
Can I reverse a SHA-1 hash back into the original text?
No. Hashing only goes one way — there is no operation that turns the 40-character hex output back into your original input. It exists to prove two pieces of text match, not to store or recover the text itself.
Why does changing one character completely change the hash?
This is called the avalanche effect: SHA-1 is designed so that even a one-bit change in the input flips roughly half the bits in the output. That makes the hash useless for spotting "similar" text — it only tells you whether two inputs are identical or not.
Why is my SHA-1 hash always 40 characters?
SHA-1 always produces a 160-bit digest, displayed as 40 hexadecimal characters, regardless of how much text you hash — one word or an entire document both produce the same fixed-length output.