Manual:Hashing

Certain fields, parameters and variables are hashed in MediaWiki. Some of them use cryptographically broken functions such as MD5 and SHA-1. However, only one, user_password, has important security implications, and that field's security is enhanced by means of a password salt.

For the negative security implications of SHA-1 take a look to where we track the migration to other hash functions, if needed.