My point exactly! Armin (the maker/maintainer of the module) will probably consider doing this somewhere in the future.

I just pushed out a release that makes it possible to override the digest in a subclass easier.

While overrideability is good, wouldn't it be better to also be 'secure by default'? I'd imagine that SHA-2 would be more sensible default for most users.