3
votes

From what I've read, the MD5 hashing algorithm (and others, such as SHA-1) is broken. I was just curious as to how broken it is.

Is there any way to take the hash, and reverse it to the original text? Or is it just that occasionally collisions occur?

Under what circumstances would it truly be bad to use MD5 (or any other broken algorithm)? File change detection? Password security? Finding duplicated files?

1
No, it is not possible to reverse a hash. It is possible to find a (likely) collision. (Oliver Charlesworth)
And it is possible to pre-calculate MD5 for short strings, then use the MD5 value to query and find out the string. (PasteBT)

1 Answer

4
votes

You can find two inputs that produce the same MD5 hash in about an hour (or so) on a not particularly fast computer. At least as far as I know, there is no currently known attack that will let you find an input that will produce a particular result though.

It is not (and never will be) possible to find the original string that was used to produce a particular hash, except (possibly) by accident.

For finding duplicated files, MD5 is just as good as it ever was. For finding changed files, pretty much the same. In either case, as long as you don't have somebody deliberately trying to attack MD5 to produce collisions, the fact that it's broken from a cryptographic viewpoint is pretty much irrelevant.

For anything related to security, I would avoid MD5. There are much better alternatives easily available, and no reason to favor MD5 over the others.
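The following is an added example, not code from the question, the answer or the comments, that shows the three points made in this thread in Python using only the standard library: the comment's point that a short or guessable input is recovered by hashing candidates and comparing rather than by "reversing" anything; the answer's point that MD5 is still fine for finding duplicate files when nobody is attacking it, with the same code working unchanged for SHA-256; and the answer's advice to use something else for security, shown here as a salted, slow PBKDF2 password hash. The wordlist, the sample file contents and the iteration count are constructed for the demo, and the helper names are this example's own.

```python
"""Added example for the MD5 thread: guessing, deduplication, password storage.

Nothing here is from the original question or answer; the wordlist, file
contents and names are constructed for the demonstration.
"""
import hashlib
import hmac
import os
import secrets
import tempfile
from collections import defaultdict


def md5_hex(data):
    """Plain MD5 of a byte string, as the thread discusses it."""
    return hashlib.md5(data).hexdigest()


# --- 1. "Reversing" a hash of a short input: lookup, not inversion -------------

# Constructed stand-in for a real wordlist (a real attack uses millions of entries).
WORDLIST = [b"password", b"letmein", b"hunter2", b"qwerty", b"admin"]


def build_table(words, algo="md5"):
    """Precompute digest -> plaintext for every candidate (the table the comment describes)."""
    return {hashlib.new(algo, w).hexdigest(): w for w in words}


def lookup_preimage(digest_hex, table):
    """Return the candidate whose digest matches, or None. Nothing is inverted;
    the 'attack' is that the input was guessable and the hash is fast."""
    return table.get(digest_hex)


# --- 2. Duplicate-file detection: fine with MD5 for non-adversarial input ------

def file_digest(path, algo="md5", chunk=1 << 16):
    """Stream a file through the chosen hash so large files need little memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_duplicates(paths, algo="md5"):
    """Group by size first, then hash only files that share a size.
    Returns a list of groups (sorted paths) with two or more identical files."""
    by_size = defaultdict(list)
    for p in paths:
        by_size[os.path.getsize(p)].append(p)
    by_digest = defaultdict(list)
    for same_size in by_size.values():
        if len(same_size) < 2:
            continue
        for p in same_size:
            by_digest[file_digest(p, algo)].append(p)
    return [sorted(g) for g in by_digest.values() if len(g) > 1]


def demo_duplicates(algo="md5"):
    """Constructed sample: two identical files, one same-size decoy, one odd size."""
    files = {"a.bin": b"A" * 4096, "b.bin": b"A" * 4096,
             "c.bin": b"B" * 4096, "d.bin": b"A" * 10}
    with tempfile.TemporaryDirectory() as d:
        for name, content in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(content)
        groups = find_duplicates([os.path.join(d, n) for n in files], algo)
        return [[os.path.basename(p) for p in g] for g in groups]


# --- 3. Passwords: a salted, slow KDF instead of a bare fast hash ---------------

PBKDF2_ITERATIONS = 600_000  # chosen for the demo; tune to your hardware budget


def hash_password(password, salt=None):
    """Return (salt, derived_key). A fresh random salt defeats precomputed tables;
    the iteration count makes each guess cost far more than one MD5 call."""
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, dk


def verify_password(password, salt, stored_key):
    """Constant-time comparison so timing does not leak how many bytes matched."""
    _, dk = hash_password(password, salt)
    return hmac.compare_digest(dk, stored_key)


if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("guessed:", lookup_preimage(md5_hex(b"hunter2"), table))
    print("duplicates (md5):", demo_duplicates("md5"))
    print("duplicates (sha256):", demo_duplicates("sha256"))
    salt, key = hash_password("hunter2")
    print("verify ok:", verify_password("hunter2", salt, key))
    print("verify wrong:", verify_password("hunter3", salt, key))
```

The size pre-filter in `find_duplicates` is the part worth keeping whichever hash you choose: most files differ in length, so only the few size groups ever get hashed. Swapping `"md5"` for `"sha256"` costs little and removes the question entirely, which is usually the simplest answer when someone asks whether MD5 is acceptable for a given job.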