diff --git a/tuf/client/updater.py b/tuf/client/updater.py
index 24a4e498..97681a3f 100755
--- a/tuf/client/updater.py
+++ b/tuf/client/updater.py
@@ -954,6 +954,9 @@ def _import_delegations(self, parent_role):
 # for the key.
 try:
+ # The repo may have used hashing algorithms for the generated keyids
+ # that doesn't match the client's set of hash algorithms. Make sure
+ # to only used the repo's selected hashing algorithms.
 hash_algorithms = securesystemslib.settings.HASH_ALGORITHMS
 securesystemslib.settings.HASH_ALGORITHMS = keyinfo['keyid_hash_algorithms']
 key, keyids = securesystemslib.keys.format_metadata_to_key(keyinfo)
diff --git a/tuf/keydb.py b/tuf/keydb.py
index 33ca5e59..c885076e 100755
--- a/tuf/keydb.py
+++ b/tuf/keydb.py
@@ -123,6 +123,9 @@ def create_keydb_from_root_metadata(root_metadata, repository_name='default'):
 # default keyid listed in 'key_dict'. The additional keyids are
 # generated according to securesystemslib.settings.HASH_ALGORITHMS.
+ # The repo may have used hashing algorithms for the generated keyids that
+ # doesn't match the client's set of hash algorithms. Make sure to only
+ # used the repo's selected hashing algorithms.
 hash_algorithms = securesystemslib.settings.HASH_ALGORITHMS
 securesystemslib.settings.HASH_ALGORITHMS = key_metadata['keyid_hash_algorithms']
 key_dict, keyids = securesystemslib.keys.format_metadata_to_key(key_metadata)
diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py
index 30094234..efbe4409 100755
--- a/tuf/repository_lib.py
+++ b/tuf/repository_lib.py
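Review bot: The override described by the new comment in `_import_delegations` (tuf/client/updater.py) writes a value read from delegation metadata, `keyinfo['keyid_hash_algorithms']`, into the process-wide `securesystemslib.settings.HASH_ALGORITHMS`, and the hunk does not show the saved `hash_algorithms` being put back on an error path. If the restore is not in a `finally:`, an exception from `format_metadata_to_key` would leave the client running with the repository-selected list, so I would restore with `finally: securesystemslib.settings.HASH_ALGORITHMS = hash_algorithms` and reject metadata lists containing algorithms the client does not support before assigning. The comment should also say that the setting is global and is restored afterwards. The same save-and-override sequence sits under the added comment in the keydb.py, repository_lib.py and repository_tool.py hunks; the enclosing `try:` continues outside this hunk, so the existing handlers could not be checked.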
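Review bot: The comment added in `create_keydb_from_root_metadata` (tuf/keydb.py) has two grammar slips that blur what it asks for: "that doesn't match" refers to the plural "hashing algorithms", and "to only used" should be "to only use". Suggested wording for the last two lines: `# that don't match the client's set of hash algorithms. Make sure` and `# to only use the repo's selected hashing algorithms.` The same three comment lines are added in the updater.py, repository_lib.py and repository_tool.py hunks and need the same correction.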
@@ -685,6 +685,10 @@ def _load_top_level_metadata(repository, top_level_filenames, repository_name):
 # Add the keys specified in the delegations field of the Targets role.
 for key_metadata in six.itervalues(targets_metadata['delegations']['keys']):
+
+ # The repo may have used hashing algorithms for the generated keyids
+ # that doesn't match the client's set of hash algorithms. Make sure
+ # to only used the repo's selected hashing algorithms.
 hash_algorithms = securesystemslib.settings.HASH_ALGORITHMS
 securesystemslib.settings.HASH_ALGORITHMS = key_metadata['keyid_hash_algorithms']
 key_object, keyids = securesystemslib.keys.format_metadata_to_key(key_metadata)
diff --git a/tuf/repository_tool.py b/tuf/repository_tool.py
index 33b9f94b..8d6fcd1b 100755
--- a/tuf/repository_tool.py
+++ b/tuf/repository_tool.py
@@ -3024,6 +3024,10 @@ def load_repository(repository_directory, repository_name='default'):
 # The repository maintainer should have also been made aware of the
 # duplicate key when it was added.
 for key_metadata in six.itervalues(metadata_object['delegations']['keys']):
+
+ # The repo may have used hashing algorithms for the generated keyids
+ # that doesn't match the client's set of hash algorithms. Make sure
+ # to only used the repo's selected hashing algorithms.
 hash_algorithms = securesystemslib.settings.HASH_ALGORITHMS
 securesystemslib.settings.HASH_ALGORITHMS = key_metadata['keyid_hash_algorithms']
 key_object, keyids = securesystemslib.keys.format_metadata_to_key(key_metadata)
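Review bot: The comment added in `_load_top_level_metadata` (tuf/repository_lib.py) refers to "the client's set of hash algorithms", but judging by the file and function names this loader, like `load_repository` in the repository_tool.py hunk, runs on the repository side. The value being saved and overridden is the local process's `securesystemslib.settings.HASH_ALGORITHMS`, so the copied wording misstates whose configuration is being bypassed. I would change the middle line in both hunks to `# that don't match the locally configured HASH_ALGORITHMS. Make sure`. Both loops continue outside their hunks, so whether the saved `hash_algorithms` is restored on every iteration could not be confirmed from here.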