SHA1 is now considered insecure, with viable full collision attacks now possible. This has important implications for Jami and means we will need to move away from SHA1 for most usages.