doc: indicate sha1 has the same limitations as md5

* doc/coreutils.texi (sha1sum invocation): Given that a SHA-1
preimage attack has occurred as documented at http://shattered.io/,
document sha1sum as having the same limitations as md5sum.
(md5sum): Parameterize the warning for use in both cases.
* man/md5sum.x: Mention b2sum(1) as a more secure alternative.
* man/sha1sum.x: Give the same warning as done for md5sum(1).

doc/coreutils.texi

@@ -3818,16 +3818,19 @@ as the length is automatically determined when checking.
 @command{md5sum} computes a 128-bit checksum (or @dfn{fingerprint} or
 @dfn{message-digest}) for each specified @var{file}.
 
-Note: The MD5 digest is more reliable than a simple CRC (provided by
+@macro weakHash{hash}
+Note: The \hash\ digest is more reliable than a simple CRC (provided by
 the @command{cksum} command) for detecting accidental file corruption,
-as the chances of accidentally having two files with identical MD5
+as the chances of accidentally having two files with identical \hash\
 are vanishingly small.  However, it should not be considered secure
-against malicious tampering: although finding a file with a given MD5
+against malicious tampering: although finding a file with a given \hash\
 fingerprint is considered infeasible at the moment, it is known how
 to modify certain files, including digital certificates, so that they
-appear valid when signed with an MD5 digest.  For more secure hashes,
+appear valid when signed with an \hash\ digest.  For more secure hashes,
 consider using SHA-2, or the newer @command{b2sum} command.
 @xref{sha2 utilities}. @xref{b2sum invocation}.
+@end macro
+@weakHash{MD5}
 
 If a @var{file} is specified as @samp{-} or if no files are given
 @command{md5sum} computes the checksum for the standard input.
@@ -3979,12 +3982,7 @@ exit nonzero after all warnings have been issued.
 @var{file}.  The usage and options of this command are precisely the
 same as for @command{md5sum}.  @xref{md5sum invocation}.
 
-Note: The SHA-1 digest is more secure than MD5, and no collisions of
-it are known (different files having the same fingerprint).  However,
-it is known that they can be produced with considerable, but not
-unreasonable, resources.  For this reason, it is generally considered
-that SHA-1 should be gradually phased out in favor of the more secure
-SHA-2 hash algorithms.  @xref{sha2 utilities}.
+@weakHash{SHA-1}
 
 
 @node sha2 utilities

man/md5sum.x

@@ -5,4 +5,5 @@ md5sum \- compute and check MD5 message digest
 [BUGS]
 The MD5 algorithm should not be used any more for security related purposes.
 Instead, better use an SHA\-2 algorithm, implemented in the programs
-sha224sum(1), sha256sum(1), sha384sum(1), sha512sum(1)
+sha224sum(1), sha256sum(1), sha384sum(1), sha512sum(1),
+or the BLAKE2 algorithm, implemented in b2sum(1)

man/sha1sum.x

@@ -2,3 +2,8 @@
 sha1sum \- compute and check SHA1 message digest
 [DESCRIPTION]
 .\" Add any additional description here
+[BUGS]
+The SHA-1 algorithm should not be used any more for security related purposes.
+Instead, better use an SHA\-2 algorithm, implemented in the programs
+sha224sum(1), sha256sum(1), sha384sum(1), sha512sum(1),
+or the BLAKE2 algorithm, implemented in b2sum(1)