Usage of deprecated MD5 hash function

[FilippoBonazziSUSE]

I noticed that supportutils is still using MD5 as a hash function in several places. Practical real-world collision attacks against MD5 have been known to the general public for more than 15 years now.

While this is not directly a vulnerability, given the scope of its use in supportutils, it still would be better to replace MD5 with a modern hash function such as SHA256 or better.

[g23guy]

Thank you.

[crashmaster18]

A side note, Jason: SLE Systems that are in FIPS mode may not even have MD5 libraries installed. It is definitely safe at this point to go with anything in the SHA-2 family (SHA-256, SHA-384, SHA-512); I know what you are thinking, (performance!) but most modern systems won't notice the slightly heavier CPU load for what you are doing with supportutils.