SHA-1 vs SHA-256: What's the Difference?
SHA-1 and SHA-256 are both hash functions from the SHA family, but one is broken and one is current. Use SHA-256.
The quick comparison
| | SHA-1 | SHA-256 |
|---|---|---|
| Digest size | 160 bits (40 hex chars) | 256 bits (64 hex chars) |
| Year published | 1995 | 2001 |
| Family | SHA-1 | SHA-2 |
| Collision-resistant? | No (broken in 2017) | Yes |
| Recommended? | No | Yes |
What the output looks like
The same input produces very different digests:
```bash
echo -n "hello" | sha1sum
# aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
echo -n "hello" | sha256sum
# 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
```
SHA-256's longer digest is part of why it's harder to attack.
Why SHA-1 is deprecated
In 2017, researchers produced two different files with the same SHA-1 hash (the "SHAttered" collision). A collision means an attacker can prepare a benign file and a malicious file that share one hash, then swap the malicious one in for the trusted one without changing the hash. That breaks SHA-1 for signatures, certificates, and integrity checks. Git still uses SHA-1 for object IDs but has added collision detection and is migrating to SHA-256.
When can you still see SHA-1?
For non-security uses — like a quick cache key or a checksum against accidental corruption — SHA-1 is fine and fast. The moment security matters (signatures, deduplication an attacker could exploit, password-adjacent work), reach for SHA-256 or better.
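An added example (not from the original page): a shell helper that uses the digest lengths from the comparison table to classify an expected checksum, verifies files only against SHA-256, and refuses 40-character SHA-1 values. The function names and exit codes are assumptions made for this example, and it assumes `sha256sum` from GNU coreutils.

```bash
# Added example, not from the original page. Function names and exit codes
# are assumptions for this example. Requires sha256sum (GNU coreutils).

# classify_digest HEX: print sha1, sha256 or unknown from the hex length
# (40 vs 64 chars, per the table). Length is a heuristic: other 160-bit and
# 256-bit hashes share these lengths, in which case verification just fails.
classify_digest() {
  local d
  d=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  case "$d" in
    ''|*[!0-9a-f]*) echo unknown ;;
    *)
      case ${#d} in
        40) echo sha1 ;;
        64) echo sha256 ;;
        *)  echo unknown ;;
      esac ;;
  esac
}

# verify_digest FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the digest is refused
# (SHA-1 or unrecognised), 3 if the file cannot be read.
verify_digest() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -r "$file" ] || return 3
  case $(classify_digest "$expected") in
    sha256) ;;
    sha1)
      echo "refusing SHA-1 digest for $file: not collision-resistant" >&2
      return 2 ;;
    *)
      echo "unrecognised digest format for $file" >&2
      return 2 ;;
  esac
  # Read via stdin so odd file names cannot alter sha256sum's output format.
  actual=$(sha256sum < "$file" | cut -d' ' -f1)
  [ "$actual" = "$expected" ]
}
```

Call it as `verify_digest release.tar.gz "$expected"` and branch on the exit code, so a manifest that still publishes SHA-1 values fails loudly instead of being silently accepted.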
Neither is for passwords
Both SHA-1 and SHA-256 are fast, which is exactly wrong for passwords — see why you should never use MD5 (or fast hashes) for passwords. Use bcrypt, scrypt, or Argon2 there.
Generate a hash
Try the hash generator to compute SHA-1, SHA-256, and MD5 for any text in your browser, and compare with MD5 vs SHA-256.