Search tools

Find a tool by name or what it does.

SHA-1 Hash Generator

Hash any text or file to its SHA-1 digest as you type, then copy it as lowercase hex, uppercase hex, or Base64.

Source

Hashed live as you type. Everything runs in your browser and nothing is uploaded.

Encoding

Case

SHA-1 hash

Enter some text and its SHA-1 hash will appear here.

SHA-1 is no longer considered safe against a deliberate collision attack and should not be used for signatures, certificates, or passwords. It is still fine for file checksums, cache keys, and version control identifiers.

How to generate a SHA-1 hash online

  1. Choose text or a file

    Type or paste text into the box, or switch to the file source and drop in any file.

  2. Read the SHA-1 digest

    The 40-character SHA-1 hash appears the moment there is input, with no button to press.

  3. Pick a format

    Show the digest as lowercase or uppercase hexadecimal, or as a shorter Base64 string.

  4. Copy the hash

    Use the copy button on any format, or the main button to copy the selected value to your clipboard.

Why use this tool

SHA-1 the instant you type

The digest recomputes a moment after every keystroke, paste, or dropped file, so there is no compute step and no waiting on a server.

Text or any file

Hash a string of text or the raw bytes of any file, from a config snippet to a large download, using the same output.

Hex or Base64, either case

Read the 40-character hex digest in lowercase or uppercase, or switch to a compact 28-character Base64 form, and copy whichever a system expects.

Verify a checksum

Hash a file and compare the result against a published SHA-1 checksum to confirm the file downloaded intact and unaltered.

Runs entirely in your browser

Everything happens on your device. The text and files you hash are never uploaded, logged, or stored.

About this tool

SHA-1 is a cryptographic hash function that reduces any input, from a short string to a large file, to a fixed 160-bit fingerprint written as 40 hexadecimal characters. This tool computes that digest the moment you type, paste, or drop a file, entirely on your device. The same input always produces the same hash, and changing a single character, or even a trailing space, produces a completely different result.

You can read the digest as lowercase or uppercase hex, or as a 28-character Base64 string, and copy whichever form a system expects. Hashing text encodes it as UTF-8 first, so accents and emoji hash consistently across tools. Hashing a file reads its raw bytes, which is exactly how published checksums are produced, so you can confirm a download arrived intact. The SHA-1 of an empty input is the well-known da39a3ee5e6b4b0d3255bfef95601890afd80709.

SHA-1 is a one-way hash, not encryption: there is no key and no way to turn a digest back into the original data. It is no longer considered safe against a deliberate collision attack and should not be used for signatures, certificates, or passwords. It is still in daily use for file checksums, cache keys, and version control identifiers, where its speed and short output matter more than collision resistance. For a stronger digest, use the SHA-256 hash generator, and to hash files with MD5 and SHA-512 as well, try the broader hash generator.

Frequently asked questions

What is a SHA-1 hash?
SHA-1 is a cryptographic hash function that maps any input to a fixed 160-bit value, shown as 40 hexadecimal characters. It is deterministic, so the same input always yields the same digest, and one-way, so the original data cannot be recovered from the hash.
Is my data uploaded anywhere?
No. The hash is computed entirely in your browser. The text and files you hash never leave your device, are never sent to a server, and are not stored or logged.
Can I hash a file?
Yes. Switch the source to file, then drop a file in or click to browse. The digest is computed over the raw bytes of the file, which is how download checksums are produced, so you can verify a file arrived intact.
Is SHA-1 still safe to use?
Not for security. SHA-1 is vulnerable to deliberate collision attacks and should not be used for digital signatures, certificates, or password storage. It remains fine for non-security uses such as file checksums, cache keys, and version control identifiers.
Why offer Base64 as well as hex?
Different systems publish the same digest in different encodings. Hexadecimal is the most common, but some APIs and headers expect the shorter Base64 form. You can copy either without opening another tool.
What is the SHA-1 of an empty input?
Hashing an empty string or a zero-byte file always gives da39a3ee5e6b4b0d3255bfef95601890afd80709. It is a useful sanity check that a hashing tool is working correctly.

Related tools