Found this on VeraCrypt forums:
Also, the statement that the underlaying hash function doesn't matter is completely false because there are security requirements that must be fulfilled by the hash function in order to the key derivation to be secure. Otherwise, there will be no need for cryptography and we can stick with 30 years old hash functions like MD4!!
Anyway, in such security topics, one must carefully check any statement or information before endorsing it or using it. There are many out there who mislead people either on purpose or because they are ignorants of cryptography basics.
Bookmarks