Vanilla DTA 1.15.1 and previous versions of SEDutil, as well as many forks, use SHA1 as the password hash during initialization.
Rather than trying to quantify the risk of continued use of SHA1, newer forks of SEDutil commonly use SHA512 instead; however that creates potential backward compatibility issues.
It Would Be Neat If there was a backward-compatibility mode (or separate binary, also copied over?) to at least support unlocking "SHA1 initialized" SEDs from the Rescue images, which would then allow the Rescue images to...you know...rescue everyone.
Vanilla DTA 1.15.1 and previous versions of SEDutil, as well as many forks, use SHA1 as the password hash during initialization.
Rather than trying to quantify the risk of continued use of SHA1, newer forks of SEDutil commonly use SHA512 instead; however that creates potential backward compatibility issues.
It Would Be Neat If there was a backward-compatibility mode (or separate binary, also copied over?) to at least support unlocking "SHA1 initialized" SEDs from the Rescue images, which would then allow the Rescue images to...you know...rescue everyone.