Well, there's no real need to philosophize about md5.

It's quite obvious it is broken as a secure hash.

There are some limited attacks, for now, but it's getting worse
and worse.  There are fewer and fewer constraints on what you can do,
and you really want to abandon that ship.

Remember the old saying:

attacks don't get worse, they only get better...


It's not quite obvious where this is going to go from there.

From what I know, sha1 is more or less in the same boat as md5. Only, it's a
bigger hash, so practical attacks don't work yet, but the mathematical 
security of the hash is not any better than md5. People currently know how
to "brute-force" sha1 using only a small fraction of the possible space
(as far as I know, no practical attack yet, but not far off, and definitely
much easier than a truly secure hash of a similar size would allow).


I am not a professional cryptographer, but I've been told that sha256 is
more secure for now. Different algorithm (and much bigger space to explore,
in any case).


This should give us enough time until mathematicians understand secure hashes
a bit better, and give us some better algorithms. We're probably talking
two to five years...

I assume you're all aware there's an international bid for a secure hash,
along the same lines that led to the adoption of AES as a standard.
