The SHA-1 (secure hash algorithm) authentication scheme that underpins digital signatures used in SSL browser security and PGP encryption is reported to have been “broken”. http://www.techworld.com/security/news/index.cfm?NewsID=3156 Bruce Schneier's take on this: http://www.schneier.com/blog/archives/2005/02/sha1_broken.html If offered a choice, now would be the time to switch to RIPEMD-160. This won't immediately be a security threat as it would take thousands of computers doing super-computing for this broken hash to cause a problem. However, SHA-1 is history. Finished. Done. No use hashing keys now with SHA-1 only to be insecure at a future date. This is HUGE news in crypto.