So it’s possible to switch “on the fly” to a new hash function? Wouldn’t all the old transactions then be compromised (because they could be trivially recomputed)?
SHA-256 has already been weakened by a factor of 16 (according to my friend. I can’t find documentation on that, but I trust him). That’s 16 out of 2^256, so not a huge deal, but still.