I remember a while ago hearing about a few theoretical collisions of the MD5 algorithm, but I thought nothing of them. Now, as more information emerges, Microsoft is issuing advisories, people are proving more and more collisions with example code, and MD5 is even out of Vista, so I figure it's time to remind everyone not to use MD5.
What should I do?
First of all, let's use sha1 instead: it is just as easy a function to use, but much more secure.
Next, disable it in PHP using disable_functions in your configuration:
disable_functions = md5
Finally, don’t accidentally use it in your db ;)
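The disable_functions line above removes only the function named md5(); md5_file(), hash('md5', ...) and the database's own MD5() stay reachable. The following is an added example, not code from the original post, that audits PHP source for those remaining uses with the tokenizer extension; the function names find_md5_uses and next_code_token and the sample input are made up for illustration.

```php
<?php
// Added example, not from the original post: heuristic audit for MD5 use
// that "disable_functions = md5" leaves reachable.
// Next token after $i that is not whitespace or a comment, as [index, token].
function next_code_token(array $tokens, int $i): array {
    for ($j = $i + 1; $j < count($tokens); $j++) {
        $t = $tokens[$j];
        if (!is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            return [$j, $t];
        }
    }
    return [$j, null];
}

// Findings for one PHP source string, as a list of [line, description].
function find_md5_uses(string $source): array {
    $hashApis = ['hash', 'hash_file', 'hash_hmac', 'hash_init'];
    $tokens = token_get_all($source);
    $found = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) continue;
        [$id, $text, $line] = $tok;
        $name = strtolower($text);
        if ($id === T_CONSTANT_ENCAPSED_STRING || $id === T_ENCAPSED_AND_WHITESPACE) {
            // String literal: look for a database-side MD5() call.
            if (preg_match('/\bmd5\s*\(/', $name)) $found[] = [$line, 'MD5() inside a string'];
        } elseif ($id === T_STRING) {
            [$j, $open] = next_code_token($tokens, $i);
            if ($open !== '(') continue; // not a call
            [, $arg] = next_code_token($tokens, $j); // first argument
            $isLit = is_array($arg) && $arg[0] === T_CONSTANT_ENCAPSED_STRING;
            if ($name === 'md5' || $name === 'md5_file') {
                $found[] = [$line, "$name() call"];
            } elseif (in_array($name, $hashApis, true) && $isLit
                && strtolower(trim($arg[1], "'\"")) === 'md5') {
                $found[] = [$line, "$name('md5', ...) call"];
            }
        }
    }
    return $found;
}
// Constructed sample input.
$sample = <<<'PHP'
<?php
$a = md5($pw); // md5() in a comment is ignored
$b = hash('md5', $pw);
$c = md5_file($path);
$q = "SELECT id FROM users WHERE pass = MD5('$pw')";
PHP;
foreach (find_md5_uses($sample) as [$line, $what]) echo "line $line: $what\n";
```

The match is on bare names followed by "(", so method calls named md5 are flagged too, and fully qualified calls such as \md5(), which PHP 8 tokenizes differently, are not.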