Cryptology Engine

SHA-1 Hash

Insecure

SHA-1 hash algorithm (Legacy version)

Security Warning

SHA-1 is cryptographically insecure. A practical collision attack was demonstrated in 2017 by Google with the SHAttered attack. It is no longer used in SSL/TLS certificates.

Recommended alternatives: SHA-256, SHA-512, SHA-3 or BLAKE2

Data Input
Character count: 0
SHA-1 Hash Result

SHA-1 About

SHA-1, SHA-1 (Secure Hash Algorithm 1), an old cryptographic hash function developed by NSA in 1995. A practical collision attack was demonstrated in 2017 with the SHAttered attack, and it is considered insecure for cryptographic purposes.

Technical Specifications

Hash Length:
160 bit (40 hex characters)
Block Size:
512 bit
Maximum Message Size:
2^64 - 1 bit
Status:
Insecure - Should NOT be used for cryptographic purposes since 2017

Usage Areas

  • Legacy systems and applications
  • File integrity verification (non-cryptographic purposes)
  • Old Git repositories (migration to SHA-256 recommended)

Features

  • Predecessor of SHA-2 and SHA-3: Foundation of modern hash algorithms
  • Fast computation: Simple and optimized algorithm
  • Wide adoption history: Industry standard for many years

Standards and References

  • FIPS PUB 180-1, 180-2 (deprecated)
  • RFC 3174 (no longer recommended)

⚠️ Important Warnings

  • Practical collision attack demonstrated in 2017 with SHAttered attack
  • Google and other tech companies marked SHA-1 as deprecated
  • Should NOT be used for cryptographic purposes
  • Modern applications should prefer SHA-256, SHA-512, or SHA-3
  • No longer used in SSL/TLS certificates
  • NEVER use for password hashing
  • NEVER use for digital signatures