simpletool.io Browse tools

Tag: Legacy

  • SHA-1 Hash Generator: Compute SHA1 Online [2026]

    SHA-1 Hash Generator: Compute SHA1 Online [2026]

    TL;DR: SHA-1 produces a 160-bit (40 hex character) hash from any input. Designed by NSA in 1995, it was the workhorse of digital signatures and certificates for two decades. Practical collision attacks were demonstrated in 2017 (the SHAttered attack from Google + CWI), so SHA-1 is broken for security — never use it to sign documents, store passwords, or verify integrity against a malicious actor. It’s still legitimately used as a non-security checksum (Git internal object IDs, legacy software hashes, file fingerprinting). Our free SHA-1 generator uses WebCrypto, runs in your browser, and is honest about when SHA-1 is the right pick.

    SHA-1 is the awkward middle child of the cryptographic hash family — newer than MD5, older than SHA-2, broken by modern attacks but still embedded everywhere a system was designed before 2017. Git stores every object by its SHA-1 hash; many enterprise systems still verify file integrity with SHA-1 against an immutable log; some legacy package managers and OS update systems haven’t migrated. Knowing when SHA-1 is acceptable and when it’s a security hole is more useful than blanket avoidance.

    Our SHA-1 hash generator uses the browser’s native SubtleCrypto.digest('SHA-1', ...) API and runs entirely on your device. Use it to compute Git-compatible object hashes, verify legacy checksums, or recreate hashes from a reference document. This guide covers exactly how SHA-1 broke, where it’s still safe, and the migration path everywhere else.

    When SHA-1 is acceptable — and when it isn’t

    Use case SHA-1 OK? Why
    Git object IDs Yes (transitioning) Git uses SHA-1 with collision-detection patches; SHA-256 mode in Git 2.29+
    Non-adversarial file checksum Yes If no attacker controls the input, accidental collisions are astronomically unlikely
    Database fingerprint key Yes Internal use, no untrusted input
    TLS certificate signature No Browsers reject SHA-1 certificates since 2017
    Code signing No Microsoft, Apple, Mozilla all rejected SHA-1 by 2018
    Password storage (any form) No Use bcrypt / argon2; never use bare SHA-1 even with salt
    HMAC for authenticated messages Maybe HMAC-SHA-1 is weakly protected; use HMAC-SHA-256 instead
    Document signing for legal use No Forgeable by a determined attacker; use SHA-256+

    What “broken” actually means — the SHAttered attack

    In February 2017 Google and CWI published SHAttered: two distinct PDF files with the same SHA-1 hash. The attack required ~6,500 CPU-years and 110 GPU-years of compute, costing roughly $110,000 in 2017 cloud compute. Today the same attack costs a fraction of that. The attack proves that SHA-1 collisions are practically findable — meaning an attacker can craft two documents (an innocent contract and a malicious one) that hash to the same value, then swap them after one is signed.

    SHA-1 is still preimage-resistant for now — given a hash, there’s no faster way than brute force to find an input that produces it. So legacy systems that store SHA-1 hashes of inputs that already exist (e.g., file fingerprints in a backup index) aren’t immediately broken. But any system that signs, certifies, or trusts a SHA-1 hash from a third party is at risk.

    How to compute SHA-1 in your browser

    1. Open the SHA-1 hash generator
    2. Type or paste text — the digest appears live
    3. Or drop a file — bytes are streamed through the browser’s WebCrypto API, no upload
    4. Click Copy. Toggle UPPERCASE or lowercase hex output
    5. For HMAC-SHA-1 (legacy auth headers), click HMAC mode and paste a key

    Code: SHA-1 in JavaScript

    Same WebCrypto API as SHA-256 / SHA-512 — only the algorithm name changes:

    async function sha1(text) {
  const buffer = new TextEncoder().encode(text);
  const hash = await crypto.subtle.digest("SHA-1", buffer);
  return [...new Uint8Array(hash)]
    .map((b) => b.toString(16).padStart(2, "0"))
    .join("");
}

// sha1("hello world") returns
// "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"

    Common gotchas

    • UTF-8 encoding before hashing. Same input, different encoding, different hash. "café" as UTF-8 is 5 bytes; as Latin-1 it’s 4. Modern systems use UTF-8 universally.
    • Don’t HMAC-SHA-1 anything sensitive. HMAC-SHA-1 is weakly protected against today’s attacks. Webhook signatures from old AWS APIs and some payment processors still use it; new code should use HMAC-SHA-256.
    • Git’s SHA-1 hashes are slightly different. Git prefixes each blob with "blob <size>\0" before hashing. So Git’s hash of file content isn’t the same as sha1(content). Use git hash-object or our Git mode for an exact match.
    • Collisions are findable, but unlikely by accident. An accidental SHA-1 collision in a Git repo would require ~10^48 random commits — not a real concern. The risk is malicious collision, where an attacker crafts the input.
    • SHA-1 in TLS certificates is rejected. Browsers reject SHA-1-signed TLS certificates since early 2017. If you see a certificate-warning page mentioning SHA-1, the site needs to renew its certificate with SHA-256 minimum.
    • Length-extension attacks affect bare SHA-1. Like SHA-256 and MD5, SHA-1 is vulnerable to length extension if used as sha1(secret || data). Use HMAC instead — it’s specifically designed to resist this.

    When NOT to use SHA-1

    For new code: don’t reach for SHA-1 unless an external system specifically requires it. Use SHA-256 or SHA-512 by default — both are faster than SHA-1 on 64-bit hardware (yes, actually faster — modern CPU pipelines optimise for SHA-2). For password storage: never SHA-1, always bcrypt / scrypt / argon2id. For signing or verifying digital signatures: never SHA-1; standards bodies have deprecated it for over a decade. For TLS / X.509 certificates: SHA-1 is forbidden by browsers and CAs. Use this generator only for compatibility with legacy systems that still expect SHA-1 outputs.

    Frequently asked questions

    Why is SHA-1 still used in Git?

    Git was designed in 2005 around SHA-1 — every commit, tree, and blob is keyed by SHA-1. After SHAttered, Git added collision-detection (the sha1dc library) that catches the known collision attack and rejects matching inputs. Git 2.29 (2020) added experimental SHA-256 mode; full migration is multi-year and ongoing. For everyday use, Git’s SHA-1 keys are safe enough.

    How long does it take to compute a SHA-1 collision?

    The original SHAttered attack required $110,000 of cloud compute over two months. Modern GPU farms can produce a chosen-prefix collision in under a day for a few thousand dollars. Both are still expensive enough that most attackers won’t bother — but cheap enough that any system signing third-party documents with SHA-1 should migrate.

    Is SHA-1 still preimage-resistant?

    Yes, for now. Preimage resistance — given a hash, find an input that produces it — is much harder than collision resistance. No public preimage attack on SHA-1 exists. Systems that verify a hash of an existing file aren’t immediately broken; systems that trust a hash from an untrusted source are.

    Can I migrate my SHA-1 system to SHA-256?

    Yes — SHA-256 is a drop-in replacement for new hashes (output is twice as long: 64 hex chars vs 40). Migration plan: stop generating new SHA-1 hashes; recompute existing critical hashes in parallel as SHA-256; verify both during a transition period; remove SHA-1 once all consumers handle SHA-256.

    Is my input uploaded?

    No. The generator runs the browser’s WebCrypto API. Text and files are processed locally — never sent to our servers.

    Why are SHA-2 hashes faster than SHA-1 in 2026?

    Modern CPUs include hardware acceleration for SHA-2 (Intel SHA-NI, ARMv8 SHA extensions). SHA-1 doesn’t get the same hardware path on most chips. On a 2024 laptop, SHA-256 is typically 1.5–2× faster than SHA-1 for large inputs.

    Related tools and guides