No. The SHAttered attack (2017) demonstrated practical collisions. For new security designs, use SHA-256 or stronger.

Why is SHA-1 still in Git?

Git's use is content-addressing, not security. Collisions could theoretically be exploited, but Git has added hardening (SHAttered detector) and a long-term migration to SHA-256 is in progress.

SHA-1 Hash

Generate the SHA-1 hash (160-bit digest) of any string. Cryptographically deprecated but still widely used.

Input

0 characters

Output

0 characters

About SHA-1 Hash

SHA-1 produces a 160-bit (40 hex character) digest. Like MD5, it's cryptographically broken — practical collisions have been demonstrated since 2017 (SHAttered) — so it's no longer recommended for security. SHA-1 is, however, deeply embedded in legacy systems: Git uses it for commit identifiers, many TLS certificates still reference it, and it's a common file-integrity checksum.

When to use it

Computing a Git-style content identifier
Verifying legacy file checksums
Producing a fingerprint compatible with older systems
Cross-checking SHA-1 sums published on a download page

How it works

Input is encoded as UTF-8 and run through SHA-1 in WebAssembly via hash-wasm. The 160-bit result is presented as 40 lowercase hex characters.

Examples

Hello, world!

943a702d06f34599aee1f8da8ef9f7296031d699

Frequently asked questions

Is SHA-1 secure?: No. The SHAttered attack (2017) demonstrated practical collisions. For new security designs, use SHA-256 or stronger.
Why is SHA-1 still in Git?: Git's use is content-addressing, not security. Collisions could theoretically be exploited, but Git has added hardening (SHAttered detector) and a long-term migration to SHA-256 is in progress.

About SHA-1 Hash

When to use it

How it works

Examples

Frequently asked questions

Related tools