btw, did you know:
standard google authenticator uses SHA1 hashes
Discussion
sooner or later one ought to plant face to some of horror stories, and deal with its resolution the best possible so risk of getting rekt if otherwise...
honestly, i just want a little thing that signs a hash when i plug it in... then there is no cloning risk
only stealing risk
in that case the goal is not collision resistance but generating unique numbers from a secret and timestamp
which has still not been attacked successfully