We did some stats on the generated passwords - it was pretty good. The algo was based on DES.
DES, of course, is subject to differential cryptanalysis, but that’s when used in a wholesale crypto environment. You could replace DES with SHA-1 or other one-way hash functions; it isn’t really important which algo you use, just so long as you can’t guess the next number in the sequence if you know the prior one.
DES seemed to work OK because the generated crypto-text was the same length as the DES key, the salt value and the prior key in the sequence. Differential cryptanalysis needs a bunch of data in order to start narrowing down the key search space.
So sha-1 being broken doesn’t impact this?