person

SHA-1 hash generator

SHA-1 hash any text and get the 160-bit digest as 40 lowercase hex characters. The hash runs through the browser's native crypto.subtle.digest, so the output matches sha1sum on Linux/macOS for the same UTF-8 byte input. SHA-1 is one-way and is widely supported by legacy systems (Git uses it for blob identity), but it is broken for collision-resistance: do not use it for new digital signatures or password storage. For new work, use SHA-256.

Input
Line 1:1 LF cloud_done Saved locally
Result SHA-1 Hash
0 lines 0 chars

SHA-1 hashing, 160-bit one-way digest

SHA-1 (Secure Hash Algorithm 1, FIPS 180-4) is a hash function that produces a 160-bit digest from any byte input, rendered here as 40 lowercase hex characters. TextResult uses crypto.subtle.digest("SHA-1", bytes), the browser's native Web Crypto implementation, so the output matches sha1sum on Linux/macOS, the sha1 function in OpenSSL, and any other spec-compliant tool fed the same UTF-8 byte input.

SHA-1 is one-way. There is no algorithm that recovers the input from a hash. People who claim to have "decrypted" SHA-1 typically mean they have looked up the hash of a known short input in a rainbow table, or have brute-forced a weak input. The function itself is not reversible.

SHA-1 is broken for collision-resistance. The 2017 SHAttered attack from Google and CWI demonstrated a practical collision (two different PDF files with the same SHA-1 hash). For new digital signatures, certificate signing, and password hashing, use SHA-256 or stronger. SHA-1 remains useful only where the application does not depend on collision-resistance and you need compatibility with legacy systems: Git blob hashing, deduplication, content addressing in non-adversarial contexts.

How to use sha-1 hash generator

  1. 1Paste or type the text you want to hash into the input panel.
  2. 2The 40-character SHA-1 hex digest appears in the output panel as you type.
  3. 3Click Copy in the output header to copy the hash.
  4. 4For new work where collision-resistance matters, use SHA-256 instead.
  5. 5SHA-1 stays useful for legacy compatibility and non-adversarial fingerprinting.

Keyboard shortcuts

Drive TextResult without touching the mouse.

Shortcut Action
Ctrl FOpen the find & replace panel inside the input Plus
Ctrl ZUndo the last input change
Ctrl Shift ZRedo
Ctrl Shift EnterToggle fullscreen focus on the editor Plus
EscClose find & replace, or exit fullscreen
Ctrl KOpen the command palette to jump to any tool Plus
Ctrl SSave current workflow draft Plus
Ctrl PRun a saved workflow Plus

What this tool actually does

Fixed 160-bit / 40 hex character output

Every input produces exactly 40 hex characters. The empty string hashes to da39a3ee5e6b4b0d3255bfef95601890afd80709. Output is always lowercase hex.

Native crypto.subtle.digest

Hashing uses the browser's built-in Web Crypto implementation. Output matches sha1sum on Linux/macOS, shasum -a 1 on macOS, and openssl dgst -sha1 for the same UTF-8 byte input.

UTF-8 byte input

Text is encoded to UTF-8 bytes via TextEncoder before hashing. café hashes the bytes 63 61 66 C3 A9.

Avalanche-sensitive and deterministic

Single-bit input changes flip about half the output bits. The same input always produces the same hash, so SHA-1 is suitable as a content fingerprint where adversarial collisions are not a concern.

Broken for collision-resistance

Practical collisions exist (SHAttered 2017). Do not use SHA-1 for digital signatures, certificates, or password storage. SHA-1 still works for Git-style content addressing and dedup where the inputs are not attacker-controlled. For new work, prefer SHA-256.

Worked example

40 hex characters of digest. The same input gives the same output anywhere SHA-1 is implemented correctly. For a longer modern hash, see SHA-256; for the older 128-bit hash, see MD5.

Input
Hello, world!
Output
943a702d06f34599aee1f8da8ef9f7296031d699

Settings reference

Behaviour Effect on output
Output format Always 40 lowercase hex characters (160 bits).
Output length Fixed regardless of input size.
Empty input Hashes to da39a3ee5e6b4b0d3255bfef95601890afd80709.
Non-ASCII text Widened to UTF-8 bytes before hashing. Matches sha1sum on UTF-8 systems.
Whitespace and newlines Hashed as their literal byte values. A trailing newline changes the digest.
Determinism Same input always produces the same hash, on every browser.
Reversibility None. SHA-1 is a one-way function.

FAQ

Should I use SHA-1 or SHA-256 for new code?
Use SHA-256. SHA-1 is broken for collision-resistance (SHAttered, 2017) and is being phased out of TLS, certificates, and digital signatures. SHA-1 is still fine for non-adversarial fingerprinting (Git uses it) but not for anything where an attacker chooses the input.
Can I decrypt a SHA-1 hash?
No. SHA-1 is a one-way hash, not encryption. There is no inverse. Some sites publish lookup tables for common short inputs (rainbow tables); the algorithm itself is not reversible.
Why does the SHA-1 differ from another tool?
Almost always a UTF-8 vs UTF-16 mismatch, a trailing newline, or hidden whitespace. TextResult hashes the UTF-8 byte stream, matching sha1sum. Check the input byte length in the status bar at the bottom of the input panel.
How long is the output?
Always 40 hex characters (160 bits). Whether you hash one character or a one-megabyte file, the digest is the same length.
Is the input sent anywhere?
No. Hashing runs entirely in your browser via crypto.subtle. Nothing is uploaded, nothing is logged.

Also known as

sha1 hash generator sha-1 online text to sha1 sha1 checksum sha1 hex digest compute sha1 sha1 fingerprint 160-bit hash