> What is the rationale to use this deprecated algorithm and why don't you > use non-deprecated checksums such as SHA-256 or SHA-512 ? Deprecated by whom? SHA-1's long-term prospects aren't good but we're nowhere near preimage attacks. It's still just fine for file verification.