find all instances of SHA-1 in our design and implementation and kill them with fire
This is a parent ticket for finding every use of SHA-1 in our specs/design and code, detailing it, and coming up with a plan to replace it.
From the Seattle notes, we use truncated SHA-1 in v2 onion services and
relay_crypt_one_payload(), and we use full width SHA-1 for relay fingerprints and, again, v2 onion services. Nick has also written a draft document detailing where we use SHA-1, however it is presently outdated and incorrect in some places.