SHA-1 - what it is, why it’s weak now, and what to use instead

SHA-1

What it is

SHA-1 is a cryptographic hash function: a one-way math function that turns any input (a file, a message, a certificate) into a short, fixed-size fingerprint called a hash or digest. The output is always 160 bits (40 hex characters), no matter how big the input is. The same input always gives the same hash, so it’s handy for quick “did this change?” checks. But SHA-1 is old and broken for its main security job: since 2017 researchers have produced real collisions (two different inputs with the same hash), and chosen-prefix collisions now let an attacker decide the contents of both inputs. That is why it’s no longer acceptable for digital signatures or TLS certificates. It’s a hash, not encryption: there is no key, and you can’t “decrypt” a hash to get the original.

Why it matters

If you trust SHA-1 for signatures or certificates, an attacker who can get one harmless-looking file or certificate request signed can craft a second, malicious one with the same SHA-1 hash; the signature then validates for both. Note the shape of the attack: the attacker needs to control both inputs (a collision), not tamper with an arbitrary existing file (a preimage, which has not been broken). Practical collisions are still enough to break trust in downloads, updates, and secure websites, which is why browsers and certificate authorities stopped accepting SHA-1 certificate signatures.

How it works

  • Pads the message and processes it in 512-bit (64-byte) blocks, updating a running 160-bit state (the Merkle-Damgård construction).

  • Produces a fixed 160-bit digest, usually shown as 40 hex characters.

  • Tiny input changes → very different output (avalanche effect); about half of the output bits flip.

  • Collisions are now practical, so two different inputs can share a hash.
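As an added example (not part of the original glossary entry), the following Python uses the standard library’s hashlib to show the properties above on constructed inputs: feeding the data in chunks gives the same digest as hashing it in one go, the digest is always 40 hex characters (160 bits) whether the input is 3 bytes or 1 MiB, and flipping a single input bit changes roughly half of the 160 output bits.

```python
import hashlib

# Constructed sample inputs; any bytes will do.
SMALL = b"abc"
LARGE = b"A" * (1 << 20)  # 1 MiB of the letter A


def sha1_hex(data: bytes) -> str:
    """One-shot SHA-1 over the whole input, as 40 hex characters (160 bits)."""
    return hashlib.sha1(data).hexdigest()


def sha1_hex_chunked(data: bytes, chunk_size: int = 4096) -> str:
    """Same digest, fed to the hash in chunks the way a file reader would.

    hashlib buffers partial blocks internally, so chunk boundaries need not
    line up with SHA-1's 64-byte block size.
    """
    h = hashlib.sha1()
    for start in range(0, len(data), chunk_size):
        h.update(data[start:start + chunk_size])
    return h.hexdigest()


def hamming_distance_hex(a: str, b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    if len(a) != len(b):
        raise ValueError("digests must be the same length")
    return bin(int(a, 16) ^ int(b, 16)).count("1")


def avalanche_demo(data: bytes) -> int:
    """Flip the lowest bit of the first byte and count how many digest bits change.

    For a well-behaved hash this is close to 80 of 160 bits.
    """
    if not data:
        raise ValueError("need at least one byte to flip")
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    return hamming_distance_hex(sha1_hex(data), sha1_hex(flipped))


if __name__ == "__main__":
    for name, data in (("small", SMALL), ("large", LARGE)):
        digest = sha1_hex(data)
        assert digest == sha1_hex_chunked(data)
        print(f"{name:5} {len(data):>8} bytes -> {digest} ({len(digest) * 4} bits)")
    print("bits changed by a one-bit input flip:", avalanche_demo(SMALL))
```

Run it directly to see the digests. On a Python built against OpenSSL in FIPS mode, SHA-1 may be refused for security uses; Python 3.9 and later accept `hashlib.sha1(data, usedforsecurity=False)` for non-security jobs such as change detection.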

Red flags

  • Software updates or downloads still signed with SHA-1.

  • TLS/SSL certificates using SHA-1 for the signature.

  • Policies or build pipelines that accept SHA-1 as “secure.”

Do it right

  • Use modern hashes: SHA-256 or SHA-512 (the SHA-2 family) or SHA-3 for integrity checks and signatures.

  • Update certificate chains and code-signing to SHA-256 or stronger.

  • Block SHA-1 in security policies and scanners; alert on its use.

  • Re-hash old integrity lists (checksums) with SHA-256 when possible.
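One way to act on the last two points, added here as an example and not taken from the original page: a small Python tool that reads a coreutils-style checksum manifest (`<hexdigest>  <filename>`, a format assumed for the example), flags entries whose digest length marks them as MD5 or SHA-1, verifies each file against its old digest, and only then emits a SHA-256 manifest. The manifest and the file contents are constructed inline so the script runs offline.

```python
import hashlib
import re
from typing import Callable, Dict, List, Tuple

# Digest lengths in hex characters. 40 hex chars = 160 bits = SHA-1.
DIGEST_LENGTHS = {32: "md5", 40: "sha1", 56: "sha224", 64: "sha256",
                  96: "sha384", 128: "sha512"}
WEAK = {"md5", "sha1"}

# coreutils-style line: "<hexdigest>  <filename>" (an optional "*" marks binary mode).
LINE_RE = re.compile(r"^([0-9a-fA-F]+)\s+\*?(.+)$")


def classify_digest(hex_digest: str) -> str:
    """Guess the algorithm from the digest length; 'unknown' if nothing matches."""
    return DIGEST_LENGTHS.get(len(hex_digest), "unknown")


def parse_sums(text: str) -> List[Tuple[str, str]]:
    """Parse a manifest into (hexdigest, filename) pairs, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable manifest line: {line!r}")
        entries.append((m.group(1).lower(), m.group(2)))
    return entries


def find_weak_entries(text: str) -> List[str]:
    """Filenames whose manifest entry uses MD5 or SHA-1: the 'red flag' check."""
    return [name for digest, name in parse_sums(text) if classify_digest(digest) in WEAK]


def migrate_to_sha256(text: str, read_file: Callable[[str], bytes]) -> str:
    """Verify each entry with its original algorithm, then emit a SHA-256 manifest.

    A mismatch is a hard error: re-hashing unverified content would turn
    whatever is on disk right now, tampered or not, into a 'trusted' entry.
    """
    out = []
    for digest, name in parse_sums(text):
        algo = classify_digest(digest)
        if algo == "unknown":
            raise ValueError(f"{name}: unrecognised digest length {len(digest)}")
        data = read_file(name)
        actual = hashlib.new(algo, data).hexdigest()
        if actual != digest:
            raise ValueError(f"{name}: {algo} mismatch, refusing to migrate")
        out.append(f"{hashlib.sha256(data).hexdigest()}  {name}")
    return "\n".join(out) + "\n"


# Constructed sample: an old SHA-1 manifest and in-memory "files" it describes.
SAMPLE_FILES: Dict[str, bytes] = {
    "abc.txt": b"abc",
    "empty.bin": b"",
}
SAMPLE_MANIFEST = """\
# SHA1SUMS (constructed for this example)
a9993e364706816aba3e25717850c26c9cd0d89d  abc.txt
da39a3ee5e6b4b0d3255bfef95601890afd80709  empty.bin
"""

if __name__ == "__main__":
    print("SHA-1 entries still present:", find_weak_entries(SAMPLE_MANIFEST))
    print(migrate_to_sha256(SAMPLE_MANIFEST, SAMPLE_FILES.__getitem__), end="")
```

To run it against real files, pass a reader such as `lambda name: open(name, "rb").read()` in place of the in-memory dictionary. Identifying the algorithm by digest length is a heuristic that works for plain manifests; BSD-style `SHA1 (file) = digest` lines or manifests that name the algorithm explicitly need a different parser, and the same length check is what a pipeline policy should apply to reject 40-character digests wherever they appear.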
