Question 1

Is SHA-1 still safe to use?

Accepted Answer

No, not for security. SHA-1 was broken in 2017 by the SHAttered collision attack from Google and CWI Amsterdam, and by 2020 chosen-prefix collisions were practical for under $50,000 of cloud compute. NEVER use SHA-1 for digital signatures, certificates, password storage, HMAC where an attacker controls the input, or any adversarial setting. It remains acceptable only for legacy compatibility (e.g. Git object IDs) or non-security checksums where collisions don't matter.

Question 2

Why does Git still use SHA-1?

Accepted Answer

Historical inertia. Git's object model was designed in 2005, well before SHA-1 was broken. The Git project has been working on SHA-256 migration for years, but the ecosystem (hosting, tooling, CI) makes a global switch slow. In practice, SHA-1 collisions in Git would require an attacker to inject specifically crafted blobs into your repo, which is mostly mitigated by code review and signed commits.

Question 3

What's the difference between SHA-1 and SHA-256?

Accepted Answer

SHA-1 outputs 160 bits (40 hex characters) and is from the SHA-1 family (1995). SHA-256 outputs 256 bits (64 hex characters) and is from the SHA-2 family (2001). SHA-256 is significantly more secure: there are no known practical attacks against it, while SHA-1 has demonstrated collision attacks. Always pick SHA-256 (or SHA-512) for new applications.

Question 4

Are my inputs uploaded anywhere?

Accepted Answer

No. The SHA-1 hash is encoded right in your browser using crypto.subtle.digest('SHA-1', ...) from the Web Crypto API — no server round-trip. Verify in DevTools' Network tab.

Question 5

What's the output length of a SHA-1 hash?

Accepted Answer

Always 160 bits, which is 20 bytes, which is 40 hexadecimal characters. Like every cryptographic hash, the output length is fixed regardless of input size.

SHA-1 Generator

What is SHA-1 — and is it safe to use?

About SHA-1

Frequently asked questions

Related tools