There has been a bug that was discovered by the WA team and few of us users where we found that the Security Assist folder gets added outside the root html folder. I think Jason said they were working on discovering what was causing it but it was still not known as of a few days ago. To fix, you just have to move the folder into your main HTML folder.
To use SHA1, you just need to apply it -- it's not something you activate.
To apply it, just go to your insert record behavior on your registration page. When you open the behavior, you can click next to assign the values from your form to the correct database column. You will also see "formatting". So you would go down to your password column, select the lightning bolt and select the password form input field if it is not already there... then select the formatting drop down and click on WebAssist SHA1 Encryption.
You will also need to change your login form to apply SHA1 to the password BEFORE it compares it to the value in the database. That way, your comparing the SHA1 encrypted entry against the SHA1 encrypted database field.
But remember, you will also need to change your password retrieval system as well. Once a password is encrypted with SHA1, you won't be able to decrypt and send it back to someone if they forget. So, when a user forgets their password and clicks "Forgot Password", you will actually need to create a whole new temporary password (which you can email back to them before it gets encrypted) and then they will be able to login with the new one and change their password to whatever they like.
Here is a great video tutorial on the whole process: securityassist/
Go to Solution Recipes and click on "Modifying Registration".