What Is the SHA-1 Hash of "abc"?

Q: What is the SHA-1 hash of 'abc'?

The SHA-1 hash of 'abc' is a9993e364706816aba3e25717850c26c9cd0d89d. This is a 40-character hexadecimal string representing 160 bits.

Q: Can I reverse a SHA-1 hash?

No. SHA-1 is a one-way function. However, common inputs like 'abc' can be found via precomputed rainbow tables. This is why salting and using password-specific hash functions (bcrypt, Argon2) are essential.

The SHA-1 hash of "abc" is a9993e364706816aba3e25717850c26c9cd0d89d. This is a 40-character hexadecimal string representing 160 bits. Even a single-character change to the input produces a completely different hash due to the avalanche effect.

About SHA-1

SHA-1 (Secure Hash Algorithm 1) produces a 160-bit (40-character hex) hash. Developed by the NSA and published by NIST in 1995, SHA-1 was the standard for TLS certificates, Git commits, and file integrity. In 2017, Google demonstrated the first practical SHA-1 collision (SHAttered). SHA-1 is deprecated for security uses -- modern applications should use SHA-256 or SHA-3.

How SHA-1 Computes This Hash

Pad the message to a multiple of 512 bits (append 1 bit, zeros, then 64-bit length)
Initialize five 32-bit state variables (h0-h4) to fixed constants
Expand each 512-bit block into 80 32-bit words using XOR and left rotation
Process through 80 rounds using nonlinear functions (Ch, Parity, Maj)
After all blocks, concatenate h0-h4 to produce the 160-bit digest

Hash Details

Input	`abc`
Algorithm	SHA-1
Hash (hex)	`a9993e364706816aba3e25717850c26c9cd0d89d`
Character count	40 hex characters
Bit length	160 bits

Security warning: SHA-1 is cryptographically broken. Do not use it for passwords, digital signatures, or any security-critical purpose. Use bcrypt, Argon2, or scrypt for password hashing, and SHA-256+ for data integrity.

Common password alert: "abc" appears in virtually every common password list and breach database. If this hash appears in your system, the associated account is trivially compromised via rainbow table lookup.

Verify It Yourself

JavaScript (Node.js)

require('crypto').createHash('sha1').update('abc').digest('hex');
// "a9993e364706816aba3e25717850c26c9cd0d89d"

Python

import hashlib
hashlib.sha1(b'abc').hexdigest()
# 'a9993e364706816aba3e25717850c26c9cd0d89d'

Bash

echo -n 'abc' | sha1sum
# a9993e364706816aba3e25717850c26c9cd0d89d  -

Try It Yourself

Use our SHA-1 Hash Generator to hash any string instantly.

Frequently Asked Questions

Is SHA-1 safe to use in 2026?

SHA-1 is cryptographically broken and should not be used for security purposes. It is still acceptable for non-security checksums and cache keys.

Can I reverse a SHA-1 hash?

No. SHA-1 is a one-way function. Common inputs like "abc" can be found via rainbow tables, which is why you should never use plain SHA-1 for passwords -- use bcrypt or Argon2 instead.

What is the avalanche effect?

The avalanche effect means that a tiny change in the input (even one bit) causes roughly 50% of the output bits to change. This makes it impossible to predict the hash of a similar input from a known hash.

Built by Michael Lip. 100% client-side — no data leaves your browser.