Support countercryptanalysis

[JRHaigh]

Cryptanalytically-forged collisions can be detected even if only 1 of the collided messages/files is known. Cryptanalytic collision forgeries unavoidably leave cryptanalytic evidence of the forgery in the forged file, and this can be detected. This detection, or, more generally, ‘countercryptanalysis’, is essential for broken cryptographic primatives such as MD5 and SHA-1. The countercryptanalytic algorithms can be implemented as a drop-in replacement utility/library to replace the naïve algorithms utility/library.
    Please include countercryptanalysis in Hashr's MD5 and SHA-1 functions, and alert the user if a forgery is detected. Otherwise, they'd be better-off removed entirely, but I'd rather they be secured without removal.

[JRHaigh]

Here is a countercryptanalytic SHA-1 utility/library designed as a replacement “for common SHA-1 libraries and sha1sum”:
https://github.com/cr-marcstevens/sha1collisiondetection
    Unfortunately, it is released under the MIT/Expat licence, a free software licence as far as copyright is concerned, though not a modern licence that is patent-aware too like the GPLv3, which Hashr has. MIT-like licences don't give any reässurances against submarine patents.
    Anyway, I hope this helps.

[JRHaigh]

For explanation of the extent to which MD5 and SHA-1 are broken, see #7 and #8, respectively.