After building an appliance within SUSEStudio, and clicking on the Verify hash/sums option, in the past there were both MD5 and SHA1 sums. The last time I checked, yesterday or earlier today, there is now only an MD5 checksum, but MD5 and SHA1 checksums continue to be mentioned for this feature/area. I’m surprised SHA1 was removed, but further surprised over the continued use of MD5 and SHA1 worldwide.
I vote for the removal of MD5 in SUSEStudio and instead of bringing back SHA1, introduce my proposal below.
-
First, a note about MD5: “The security of the MD5 hash function is severely compromised.”](http://en.wikipedia.org/wiki/MD5#Security) - Wikipedia
-
As for SHA1: “In 2005, security flaws were identified in SHA-1, namely that a mathematical weakness might exist, indicating that a stronger hash function would be desirable.”](http://en.wikipedia.org/wiki/Sha1) - Wikipedia
I recommend switching to a combination of SHA-512 and Whirlpool.