Need to track down and eliminate all uses of SHA1

(Bug, Investigate , Priority: Critical, Test Status: No automated tests yet , Reported By Justin du Coeur, )
Security
Summary: We're using SHA1 under the hood in a couple of places. These need to go away.
Specifically, Hasher and EncryptionEcot both appear to be using variants built on top of SHA1. They probably aren't as vulnerable as raw SHA1, and this isn't an immediate crisis, but we should deal with it sooner rather than later.
These will need to go through a long deprecation cycle, so think all the use cases through very carefully.