SHA1

[Robert Denier]

I'm not sure if SHA1 is used anywhere in host ap without looking, but
I'm sure its used quiet widely.  At any rate if anyone sees a free (non
GPL) implementation of SHA256 could you please let me know and I will
replace that code in my system.

SHA1 is sufficiently broken that its better to just make the change
now than deal with waiting until someone actually finds a way to
exploit it.  I don't think the later is too likely anytime soon, 
but why risk it.

-Robert

p.s. If anyones curious slashdot has links on SHA1's breaks.