SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function that converts any input into a fixed 160-bit (40-character hex) output, used to verify data integrity. It's now considered broken because researchers found practical collisions, so it's been replaced by SHA-256.
SHA-1 is a cryptographic hash function. Feed it any amount of data (a password, a file, a whole movie) and it spits out a fixed-length 160-bit value (40 hexadecimal characters). That output is sometimes called a digest or a fingerprint. The same input always produces the same output, and even a tiny change to the input completely scrambles the result.
Here's the key thing about hashing versus encryption: hashing is a one-way process. You can't run SHA-1 backward to recover the original data, which is exactly why it's used to check integrity rather than to hide information you'll need later. If two files produce the same SHA-1 digest, they're supposed to be identical. The problem is that researchers proved you can deliberately craft two different inputs that hash to the same value (a collision), which means SHA-1 no longer guarantees integrity. That's why it's deprecated and replaced by SHA-256.
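The properties described above, as an added example that is not part of the original study guide: fixed-length output, the scrambling effect of a one-byte change, and checking a file against a published digest using SHA-256. The function names and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import io

def digest_bits(algorithm: str, data: bytes) -> int:
    """Digest length in bits; it does not depend on the input size."""
    return hashlib.new(algorithm, data).digest_size * 8

def differing_bits(algorithm: str, a: bytes, b: bytes) -> int:
    """Count how many digest bits differ between two inputs."""
    da = int.from_bytes(hashlib.new(algorithm, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algorithm, b).digest(), "big")
    return bin(da ^ db).count("1")

def stream_digest(stream, algorithm: str = "sha256", chunk_size: int = 65536) -> str:
    """Hash a file-like object in chunks so large files never sit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def verify(stream, expected_hex: str, algorithm: str = "sha256") -> bool:
    """True only if the stream's digest equals the published digest."""
    actual = stream_digest(stream, algorithm)
    # compare_digest avoids leaking where the first mismatch occurs.
    return hmac.compare_digest(actual, expected_hex.strip().lower())

# Constructed sample data standing in for a downloaded file.
ORIGINAL = b"installer v1.0 contents\n" * 1000
TAMPERED = ORIGINAL[:-1] + b"!"  # only the final byte differs

if __name__ == "__main__":
    # Fixed-length output: 160 bits for SHA-1, 256 for SHA-256, any input size.
    for data in (b"", b"abc", ORIGINAL):
        print(len(data), digest_bits("sha1", data), digest_bits("sha256", data))

    # One changed byte flips roughly half of the 160 SHA-1 digest bits.
    print("SHA-1 bits changed:", differing_bits("sha1", ORIGINAL, TAMPERED))

    # Integrity check against a digest the publisher would post (SHA-256).
    published = hashlib.sha256(ORIGINAL).hexdigest()
    print("original ok:", verify(io.BytesIO(ORIGINAL), published))
    print("tampered ok:", verify(io.BytesIO(TAMPERED), published))
```

The integrity check uses SHA-256 rather than SHA-1 because a digest match only proves the data is unchanged when collisions are infeasible to craft.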
SHA-1 lives in Unit 5: Securing Applications and Data, specifically Topic 5.3, Protecting Stored Data with Cryptography. It supports AP Cybersecurity 5.3.A, explaining how cryptography protects data. The broader point of EK 5.3.A.1 is that cryptography's job is to hide and protect information, and a cryptographic algorithm defines a repeatable process. SHA-1 is your concrete example of a hashing algorithm, the family that protects integrity (proving data hasn't changed) rather than confidentiality (keeping data secret). Knowing SHA-1's weakness teaches a bigger AP lesson: cryptographic algorithms have lifespans, and once an attack is practical, you migrate to a stronger standard.
Cryptographic hash function (Unit 5)
SHA-1 is one specific member of this larger family. The family rule is one-way, fixed-length output that changes drastically if the input changes even slightly. Learn the general concept first, then SHA-1 is just a named instance of it.
SHA-256 (Unit 5)
SHA-256 is SHA-1's stronger successor, producing a 256-bit digest instead of 160 bits. It's the algorithm that replaced SHA-1 once SHA-1 collisions became practical, so think of them as old version and current version of the same idea.
Collision resistance (Unit 5)
This is the property SHA-1 lost. A hash function is collision resistant when nobody can find two different inputs with the same digest. SHA-1's downfall is the textbook example of what happens when collision resistance breaks.
AES (Unit 5)
AES (EK 5.3.B.1) is the contrast that makes hashing click. AES is two-way encryption you reverse with a key to get your data back, while SHA-1 is one-way with no key and no way back. Same unit, opposite jobs.
Expect SHA-1 to show up in multiple-choice questions about hashing versus encryption and about data integrity. A common stem describes verifying that a downloaded file wasn't tampered with and asks which tool fits; the answer points to a hash like SHA-1 or SHA-256, not an encryption algorithm like AES. You should be able to state that hashing is one-way, that SHA-1 produces a fixed 160-bit output, and that SHA-1 is no longer secure because collisions exist. No released FRQ uses SHA-1 verbatim, but the integrity-versus-confidentiality distinction it illustrates is exactly the kind of reasoning Topic 5.3 questions reward.
MD5 and SHA-1 are both older, now-broken hash functions, which is why people mix them up. The quick difference is output size: MD5 produces a 128-bit digest, SHA-1 produces a 160-bit digest. Both have known collision attacks and both have been replaced by SHA-256. If a question asks for the larger, slightly newer one of the two, that's SHA-1.
SHA-1 is a cryptographic hash function that turns any input into a fixed 160-bit (40 hex character) output.
Hashing like SHA-1 is one-way, so unlike AES encryption you cannot reverse it to recover the original data.
SHA-1 is used to verify data integrity, not to keep data secret.
SHA-1 is considered broken because researchers found practical collisions, meaning two different inputs can produce the same digest.
SHA-256 replaced SHA-1, producing a longer 256-bit digest that is far more collision resistant.
SHA-1 is a cryptographic hash function that takes any input and produces a fixed 160-bit digest used to check whether data has changed. It appears in Unit 5, Topic 5.3, as an example of how cryptography protects stored data.
No. SHA-1 is considered broken because researchers demonstrated practical collisions, two different inputs producing the same hash, which destroys its integrity guarantee. It has been replaced by SHA-256.
SHA-1 is a one-way hash that protects integrity and cannot be reversed, while AES is two-way encryption that uses a key to scramble and later unscramble data for confidentiality. They solve opposite problems even though both fall under cryptography in Unit 5.
Both are older, now-broken hash functions, but MD5 produces a 128-bit digest and SHA-1 produces a longer 160-bit digest. Both have known collisions and have been replaced by SHA-256.
No, because SHA-1 isn't encryption; it's hashing. Hashing is one-way by design, so there's no key and no way to run it backward to recover the original input.