SHA-1 (the crypto hash algorithm) has been found to be easily vulnerable to collisions. Two "messages" can have the same hash. Not a good thing if the "message" were, oh, say, a video clip from a VMS that you turned over to your local cops to prosecute that punk who bashed in someone's car window in your parking not. Also not good if your infrastructure relies on SHA-1 hashes being unique. Google "Apache Subversion Webkit SHA-1" if you want to see how that train wreck looks.
Are people using SHA-1 hashes to assert video clips, images, etc. are authentic? Or, worse yet, are VMS' using SHA-1 hashing to identify unique video fragments? I can't think of a direct example but this could be an issue. Anyone seen any updates from vendors on this?