> My first counter-argument comes from the "$(shell git hash-object obj)" > suggestion which begs the question: if git, which relies heavily upon SHA-1, > is available, doesn't that mean SHA-1 is also natively available? I'm not > aware of git being restricted in any jurisdictions.
Seems unlikely, given that it's considered insecure. FIPS doesn't allow use of it. Eddy.