Subject: SHA1 is considered vulnerable...
MD5 is completely dead, but SHA-1 is actually not that far behind it and
is currently considered vulnerable (due to some discovered shortcuts,
with some potential for more).
For any application that cares about encryption, you are highly
recommended to move past SHA-1 to using one of the stronger ones
(SHA-256 etc).
Take a look at the Digest::SHA (which implements the family of stronger
ones) or Digest::SHA::PurePerl (I think).
That's if you care about whatever you are doing with SHA-1 from a strong
crypto perspective. If _not_ and you are using it for checksumming,
without a risk of untrusted people creating files with maliciously
colliding digests, then consider moving to using just MD5 instead.
When used for a straight checksum in a relatively trusted environment,
the MD5 algorithm is _very_ significantly faster than SHA-1.
Take a look at the documentation for Digest.pm, which has comparative
benchmarks of the various things.
But yeah, SHA-256+ for strong crypto, MD5 for checksumming. SHA-1 is
rapidly becoming the orphan child of the digest family.
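
The rule of thumb above, applied to a file-manifest check with Digest::MD5 and Digest::SHA. This is an added example, not part of the original post; the `%STRONG` policy table, the `alg:hexdigest` entry format and the function names are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::MD5 ();
use Digest::SHA ();
use File::Temp qw(tempfile);

# Hypothetical policy for this example: digests acceptable when an
# untrusted party could have supplied the file (collision resistance matters).
my %STRONG = map { $_ => 1 } qw(sha256 sha384 sha512);
my %MAKE = (
    md5    => sub { Digest::MD5->new },
    sha1   => sub { Digest::SHA->new(1) },
    sha256 => sub { Digest::SHA->new(256) },
    sha384 => sub { Digest::SHA->new(384) },
    sha512 => sub { Digest::SHA->new(512) },
);

# Stream a file through the named digest and return the hex digest.
sub file_digest {
    my ($alg, $path) = @_;
    my $make = $MAKE{$alg} or die "unknown digest '$alg'\n";
    open my $fh, '<:raw', $path or die "open $path: $!\n";
    my $hex = $make->()->addfile($fh)->hexdigest;
    close $fh;
    return $hex;
}

# Check one manifest entry ("alg:hexdigest"). Returns OK, MISMATCH or WEAK.
# WEAK: the entry uses MD5 or SHA-1 but the file is from an untrusted source,
# so a matching digest would prove nothing and is not even computed.
sub check_entry {
    my ($entry, $path, $untrusted) = @_;
    my ($alg, $want) = split /:/, lc $entry, 2;
    return 'WEAK' if $untrusted && !$STRONG{$alg};
    return file_digest($alg, $path) eq $want ? 'OK' : 'MISMATCH';
}

# Constructed sample input: a temporary file containing "abc".
my ($tmp, $path) = tempfile(UNLINK => 1);
binmode $tmp; print {$tmp} "abc"; close $tmp;

my $md5    = 'md5:'    . file_digest(md5    => $path);
my $sha256 = 'sha256:' . file_digest(sha256 => $path);
print "trusted,   $md5 -> ",    check_entry($md5,    $path, 0), "\n";
print "untrusted, $md5 -> ",    check_entry($md5,    $path, 1), "\n";
print "untrusted, $sha256 -> ", check_entry($sha256, $path, 1), "\n";
```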