to be fair sha256 and 512 is almost nowhere used and wont be for a while
sha1 is still safe for totp. 30 sec timewindows for a sha1 collision is practical impossible.
very differnt to ssl implementations where sha1 became and open door
2 Likes