Cryptographic Hashes
Currently, some of the hash types defined in the IANA registry named
"Hash Function Textual Names" are considered insecure. These include
the whole Message Digest family of algorithms which are not suitable
for cryptographically strong verification. Malicious people could
provide files that appear to be identical to another file because of
a collision, i.e. the weak cryptographic hashes match.
Metalink Generators and Processors supporting verification SHOULD at
least implement "sha-1" which is SHA1, as specified in [RFC3174].