Secure Hash Algorithm is a family of cryptographic hash functions published by NIST. This includes SHA-1, and the SHA-2 and SHA-3 families of functions. SHA-1 is deprecated for all usages.
There are three major families of algorithms that have been standardized by NIST under the name "Secure Hash Algorithm". Each family has a different construction from the others so that a practical attack on one family will not compromise the other families.
SHA-1 is a cryptographic hash function with an output size of 160-bit, standardized by NIST in 1995. SHA-1 is deprecated for cryptographic use. The first theoretical attacks were published in 2005. As of Jan 2017, TLS involving SHA-1 is no longer accepted by major browsers. The first public collision attack on SHA-1 was published on 23 February 2017 by Google. [source]. NIST will retire all uses of SHA-1 from every standard by 2030.
SHA-2 is a family of cryptographic hash functions with output sizes ranging from 224 bits to 512 bits, standardized by NIST in 2001. SHA-2 hash functions are still considered secure for cryptographic use.
SHA-3 is a family of cryptographic hash functions with output sizes ranging from 224 bits to 512 bits, standardized by NIST in 2015. SHA-3 hash functions are still considered secure for cryptographic use. Organizations using SHA-2 are encouraged to also implement SHA-3 as a fallback in the event that an attack is discovered against SHA-2 and the industry needs to rapidly migrate away from SHA-2.
The above information was sourced from wikipedia.org/Secure_Hash_Algorithms.
Note that the SHA family of hash functions is designed to have efficient software and hardware implementations, and thus are not recommended for hashing passwords. Instead you should be using key derivation functions such as PBKDF2 or bcrypt which are designed to be slow, thus hampering brute-force attacks against hashed passwords.
