MovableType is still using the old, deprecated Digest::SHA1 module in some versions. Using the newer Digest::SHA is recommended and MT will switch in future versions, but Digest::SHA1 is currently still required for commentor logins in some versions.
Like on this blog, MovableType comment authors may sign in using some different authentication methods like OpenID, a Google account, a Yahoo account or Facebook. Most of these "foreign logins" require the Digest::SHA1 module from CPAN.
Debian dropped the libperl-digest-sha1 module in wheezy and even on other OS or squeeze a MovableType user might be unable to install the package. The module requires the build-essential package (containing "make" and some other stuff for compiling C sourcecode) - but what to do if the package can't be installed or you don't want to install it just for Digest::SHA1?
Only very few functions of the module are used by MovableType and most servers have the newer replacement Digest::SHA installed, but how to make MT using that?
I created a new subdirectory called Digest within the extlib directory of the MovableType dir and placed a file called SHA1.pm there. It's very small but useful:
use Digest::SHA qw(sha1 sha1_hex sha1_base64);
use base 'Exporter';
our @EXPORT_OK = qw(sha1 sha1_hex sha1_base64);
The simple module claims to be Digest::SHA1, then loads Digest::SHA importing the functions supported by both modules (including all functions used by MovableType). It claims itself to export those functions again and - that's it.
Looks like a quick-and-dirty workaround - and it is. Not very nice to override another modules namespace but perfectly ok for a file located in the extlib directory and thus only affecting MovableType. One more reason to use such a dirty workaround: MT will stop using the old module soon and the workaround will be no longer needed.