From: Pádraig Brady <P@draigBrady.com>
Date: Thu, 4 Sep 2025 17:19:15 +0000 (+0100)
Subject: doc: update the md5/sha1 "weak hash" advisory
X-Git-Tag: v9.8~71
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=07eedce2d3c267b42267d9d5f9005528165fa540;p=thirdparty%2Fcoreutils.git

doc: update the md5/sha1 "weak hash" advisory

* doc/coreutils.texi: Adjust advisory for md5sum and sha1sum
to include "sha3", and also the more general `cksum -a` interface.
---

diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 5d1c39565c..5853a4728a 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -4367,8 +4367,9 @@ against malicious tampering: although finding a file with a given \hash\
 fingerprint is considered infeasible at the moment, it is known how
 to modify certain files, including digital certificates, so that they
 appear valid when signed with an \hash\ digest.  For more secure hashes,
-consider using SHA-2, SHA-3, or @command{b2sum}.
-@xref{sha2 utilities}. @xref{b2sum invocation}.
+consider using @samp{sha2}, @samp{sha3}, or @samp{blake2b},
+available through the @command{cksum} @option{--algorithm} option.
+@xref{cksum invocation}.
 @end macro
 @weakHash{MD5}