Is my text sent to a server?

No. The hash is computed locally using your browser's built-in Web Crypto API (crypto.subtle.digest). Your text never leaves your device and nothing is uploaded.

Is SHA-1 still safe to use?

SHA-1 is no longer considered secure against collision attacks and should not be used for digital signatures or password storage. It is still useful for non-security purposes such as file checksums, Git object IDs, and legacy integration where SHA-1 is required.

How long is a SHA-1 hash?

A SHA-1 hash is 160 bits, shown as 40 hexadecimal characters.

Can I reverse a SHA-1 hash back to the original text?

No. SHA-1 is one-way, so there is no formula to recover the input. The only way to find an input is to guess and re-hash, which is why short or common strings can be looked up in precomputed tables.

Why does Git still use SHA-1?

Git uses SHA-1 to name objects like commits and files, where the risk is accidental collisions rather than malicious attacks. Newer Git versions add collision detection, and a transition to SHA-256 is underway.

What is the SHA-1 hash of an empty string?

It is da39a3ee5e6b4b0d3255bfef95601890afd80709. Hashing no input still produces a fixed 40-character digest.

SHA-1 Hash Generator

SHA-1 hash generator

Paste any text and instantly get its SHA-1 digest — a 160-bit value shown as 40 hexadecimal characters. The hash updates as you type, making this handy for checksums, Git object IDs, and legacy integrations that still expect SHA-1.

How it works

The tool encodes your text as UTF-8 bytes and passes them to the browser’s built-in Web Crypto API (crypto.subtle.digest("SHA-1", …)). SHA-1 is a one-way hash: it always produces the same 160-bit output for the same input, the output reveals nothing about the input, and even a one-character change produces a completely different digest. Because the hashing is done by the browser, your text never leaves your device.

Example

Input	SHA-1 (40 hex characters)
(empty)	da39a3ee5e6b4b0d3255bfef95601890afd80709
abc	a9993e364706816aba3e25717850c26c9cd0d89d

SHA-1 is broken for collision resistance, so do not use it for digital signatures or password storage. It remains useful for non-security purposes such as file checksums, Git object identifiers, and systems that still require SHA-1. For passwords, use bcrypt or Argon2 instead.