What is SHA-1?
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function designed by the NSA and published by NIST in 1995. It produces a 160-bit digest — displayed as 40 hexadecimal characters.
SHA-1 was designed to replace MD5 with a longer, more collision-resistant output. For over a decade, it was the dominant hash algorithm in TLS certificates, SSH fingerprints, and version control systems.
Security status: SHA-1 is deprecated for security use. A practical collision (SHAttered, 2017) has been demonstrated. Major browsers and certificate authorities no longer accept SHA-1 certificates.
How SHA-1 Works (Simplified)
SHA-1 processes input in 512-bit blocks through 80 rounds of operations:
1. Padding
Message padded to multiple of 512 bits. A 1-bit appended, then zeros, then 64-bit big-endian original length.
2. Initialize State
Five 32-bit hash values (H₀–H₄) set to constants: 67452301, EFCDAB89, 98BADCFE, 10325476, C3D2E1F0.
3. Process Blocks
Each 512-bit block expanded to 80 words. Four rounds of 20 operations: XOR, AND, OR, NOT, and rotations.
4. Final Digest
H₀–H₄ concatenated to form the 160-bit output displayed as 40 hex characters.
SHA-1 is noticeably more complex than MD5 and produces a 25% larger digest.
SHA-1 Output Format
160 bits
Digest size
40 chars
Hex length
512 bits
Block size
Broken
Status
Example outputs:
| Input | SHA-1 Digest |
|---|---|
| (empty string) | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| a | 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8 |
| abc | a9993e364706816aba3e25717850c26c9cd0d89d |
The Fall of SHA-1: The SHAttered Attack
- 2005
Xiaoyun Wang publishes theoretical SHA-1 attacks
Shows collisions require far fewer operations than expected — the first serious alarm.
- 2011
Bruce Schneier declares SHA-1 no longer safe
Browsers begin setting 2016 deadlines to phase out SHA-1 certificates.
- 2017
SHAttered — first practical SHA-1 collision
Google & CWI produce two different PDFs with identical SHA-1 hashes. Cost: ~$110,000 in cloud compute.
The SHAttered paper proved that producing SHA-1 collisions is now within reach of well-funded attackers — and costs decrease as hardware improves.
What a Collision Enables
If an attacker can create two files with the same SHA-1 hash, they can:
- Present a malicious software package that verifies against a trusted SHA-1 checksum
- Forge digital certificate chains (in older CA infrastructure)
- Potentially confuse version control systems into accepting tampered commits
SHA-1 in the Real World Today
Deprecated Uses
- HTTPS certificates — All major CAs stopped issuing SHA-1 certificates in 2016. Browsers show security warnings for sites using them.
- Code signing — Windows, macOS, and Linux distributions require SHA-256 or stronger.
Still Present (but transitioning)
- Git — Uses SHA-1 for object IDs (commits, trees, blobs). Git 2.29+ supports experimental SHA-256 object format. GitHub and GitLab are working on migration paths.
- Legacy SSH fingerprints — Older SSH client configurations display SHA-1 fingerprints; modern defaults use SHA-256.
SHA-1 vs SHA-256 at a Glance
| Property | SHA-1 | SHA-256 |
|---|---|---|
| Output size | 160 bits (40 hex chars) | 256 bits (64 hex chars) |
| Block size | 512 bits | 512 bits |
| Rounds | 80 | 64 |
| Security margin | ❌ Broken | ✅ Secure |
| Recommended | ❌ No | ✅ Yes |
Computing SHA-1 Hashes
echo -n "hello" | sha1sum
sha1sum filename.txt # file checksumOr use the Hash Generator directly in your browser — no data sent to any server.
Key Takeaways
- SHA-1 produces a 40-character hexadecimal digest (160 bits)
- It was the web’s dominant hash algorithm from 1995–2015
- The SHAttered attack (2017) proved practical collision generation
- Deprecated for all security uses — browsers and CAs no longer accept SHA-1 certificates
- Use SHA-256 or SHA-512 for any new security work
- Git is transitioning away from SHA-1 but it’s still widely in use for object IDs