If s h a 256 is the modern standard, Then why is it legacy equivalent Replace by it still lingering in today’s modern browsers?
I don’t know. Often it is for some compatibility reason. Also, there are places where SHA-1 is still acceptable to use, but I can’t remember them off the top of my head.
And what the browser is doing is just printing the information. The hash isn’t method does not present an actual security risk, in itself.
It’s kind of more of an MiaB project decision to only print the SHA-256 fingerprint. The security issue around hashes is that there can be “collisions” where some different file with the same hash is discovered, but for SHA-1 I’m pretty sure that still requires some serious compute power behind it (not true for all legacy hashes, notably MD5).
You’d have to spend some time digging through search results.
Also try searching on the StackExchange sites that deal more with this: