Hi there:
About the complexity of sha1, sha1 generates a code a different code each 1,4615016373309029182036848327163e+48 (2 ^ 160 bits). So the chances of the use of the same hash is really small.
The "problem" of sha1 (and md5) is the speed of the generation. However, the speed is proportional with the length of the text to encrypt.
However, using a SALT, it increases tenfold times the security, even for a weak password.
In gross terms, a password of 6 characters can be hacked in a minute (if its store in md5 or sha). However, a password of 7 characters takes an hour, a password of 8 a year and a password of more than 8 character is virtually inviable of hack.
However, if we used an SALT (a secret salt btw), then even a password of 3 characters will be really safe.
sha1('SALT SECRET TEXT!!@@@aaa0000'.'123');
And a double sha1 will ensure more safety
sha1(sha1('SALT SECRET TEXT'.'123',false),false)
It will require a rainbow table of 20 characters, enough big to be absurdly safe even for a thousand of servers running during a year.
