Quote from: msft1 on August 09, 2012, 09:40 pmI'm gonna comment on this one as well. You sound like a security expert of sorts. So tell me why shouldn't I trust SHA1? Yes, maybe SHA1 shouldn't be used in banking or military. But for encrypting personal communication it's just fine.Louis is right for several reasons, but one of them is that it is used in banking.If you think your typical banking operation has decent uptake on the latest tech outside of a single digit number of investment banks in the planet, you're badly mistaken. In terms of security they are total dinosaurs. In secret they have lost billions of dollars because of this, but they are loathe to update due to entrenched management structures, false economy cost savings measures and poorly paid technical staff who aren't exactly at the cutting edge of tech. Also they are terrified of fucking it up because current management doesn't' understand the technology at all.This aspect, and the big pile of money they are sitting on, make them the canary in the coal mine.This means if banks are using SHA1, we had better be at least 1 version ahead, indeed we ought to update ASAP when SHA3 comes out later this year I think.