SHA-1 hash generator

Compute SHA-1 hashes of text or files — free, in your browser, nothing uploaded. Provided for legacy compatibility; read the status note below.

drop a file here or browse any size · read locally, never uploaded
SHA-1

the hash appears here — type above or drop a file


Status: broken for security since 2017

Be clear-eyed about this one. SHA-1 collisions went from theoretical (2005) to demonstrated when the SHAttered attack produced two different PDFs with identical hashes in 2017. In 2020, "SHA-1 is a Shambles" delivered chosen-prefix collisions — the variety that forges certificates and signatures — for a computing budget within reach of a motivated organization. Browsers stopped accepting SHA-1 certificates back in 2017; NIST has formally retired it. No new system should trust a SHA-1 for anything an attacker might influence.

Why it's still around

Because half the infrastructure of the 2000s was built on it. Git names every object by SHA-1 (nowadays a hardened variant that detects the known collision patterns, with an optional SHA-256 repository format). Older download archives list 40-character checksums. Legacy APIs still sign with HMAC-SHA1 — which, interestingly, remains unbroken in practice, since HMAC doesn't lean on collision resistance. This page exists for exactly those encounters: checking old published hashes and matching systems you don't control.

What it can still do

Detect accidental corruption. A flipped bit in a download still changes the SHA-1 completely, and no cosmic ray ever engineered a collision. If an old mirror only publishes SHA-1 sums, verifying against them beats verifying nothing — paste the 40-character value into the compare field above, or use the verify tool.

What to use instead

SHA-256, with no caveats — every platform computes it natively and it's the default expectation on download pages. The detailed head-to-head, including why speed is no longer an argument, is in SHA-1 vs SHA-256. Not sure what a 40-character string you found actually is? The hash identifier will tell you.

questions

Is SHA-1 safe to use in 2026?

Not for anything security-related. Practical collisions have existed since the SHAttered attack in 2017, and chosen-prefix collisions — the truly dangerous kind — since 2020. It's still fine for detecting accidental corruption or interoperating with legacy systems that demand it.

Why do some tools still use SHA-1?

Inertia and compatibility. Git identifies objects by SHA-1 (with collision-detection hardening), some older distributions still publish SHA-1 checksums, and plenty of legacy APIs sign with HMAC-SHA1. New designs shouldn't add SHA-1 anywhere.

Is HMAC-SHA1 broken too?

No practical attack is known — HMAC doesn't depend on collision resistance, which is the property that fell. But it's on borrowed time and most providers have migrated to HMAC-SHA256. Match legacy APIs if you must; don't choose it for anything new.

What should I use instead of SHA-1?

SHA-256 is the drop-in answer for checksums and signatures. See SHA-1 vs SHA-256 for the full comparison, including output lengths and speed.

How long is a SHA-1 hash?

40 hexadecimal characters (20 bytes / 160 bits) — the length is often the quickest way to spot one. Compare: MD5 is 32, SHA-256 is 64.