Hmmm. Thinking... can you parameterize the sha1-hash constructor instead, since that's probably under your control?