Making a total hash of it (economist.com)
25 points by bootload on March 20, 2008 | hide | past | favorite | 14 comments



And, of course, this is old news, and, of course, it only works with MD5 (and --- we expect, but do not yet know --- SHA1, but not SHA256).

Your takeaway from this article is, "don't ever use MD5 again". It has no value. Use CRCs for error detection, and use a SHA hash for security.
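The distinction drawn in the comment above (a CRC detects accidental corruption, a cryptographic hash resists deliberate tampering) is easy to demonstrate. The following is an added example, not code from the article or from anyone in this thread: because CRC-32 is linear over GF(2), four bytes appended to any tampered message are enough to force its checksum to any chosen value, so an attacker who changes a payment record can make the CRC of the forged record match the original. SHA-256 offers no such shortcut. The record contents are constructed for the demonstration; the `zlib` CRC-32 (IEEE 802.3 reflected polynomial, init and final XOR 0xFFFFFFFF) is the one being inverted.

```python
"""Forging a CRC-32 (added example): append 4 bytes so a tampered message
keeps the original checksum, and show that SHA-256 still tells them apart."""
import hashlib
import zlib

POLY = 0xEDB88320          # reflected CRC-32 polynomial used by zlib / IEEE 802.3
MASK = 0xFFFFFFFF


def _make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _make_table()
# Every table entry has a distinct top byte, which is what makes one update
# step invertible: the top byte of the new register tells us which entry was XORed in.
TOP_BYTE_TO_INDEX = {entry >> 24: i for i, entry in enumerate(TABLE)}
assert len(TOP_BYTE_TO_INDEX) == 256


def forge_suffix(data: bytes, target_crc: int) -> bytes:
    """Return 4 bytes s such that zlib.crc32(data + s) == target_crc."""
    # zlib.crc32 reports register ^ 0xFFFFFFFF; undo that to get the raw register.
    reg = zlib.crc32(data) ^ MASK
    want = target_crc ^ MASK
    # Four update steps shift the old register out completely, so the final
    # register depends only on which four table entries get XORed in.  Walk
    # backwards from the wanted value to find those four table indices.
    idx = [0] * 4
    cur = want
    for k in (3, 2, 1, 0):
        idx[k] = TOP_BYTE_TO_INDEX[cur >> 24]
        cur = ((cur ^ TABLE[idx[k]]) << 8) & MASK
    # Now run forwards from the real register and choose each byte so that
    # (register ^ byte) & 0xFF selects the required table index.
    out = bytearray()
    for k in range(4):
        b = (reg ^ idx[k]) & 0xFF
        out.append(b)
        reg = (reg >> 8) ^ TABLE[idx[k]]
    return bytes(out)


def collide(original: bytes, tampered: bytes) -> bytes:
    """Return tampered + 4 bytes whose CRC-32 equals the CRC-32 of original."""
    return tampered + forge_suffix(tampered, zlib.crc32(original))


def check(original: bytes, tampered: bytes):
    """(CRC-32 matches?, SHA-256 matches?) for the forged record versus the original."""
    forged = collide(original, tampered)
    return (zlib.crc32(forged) == zlib.crc32(original),
            hashlib.sha256(forged).digest() == hashlib.sha256(original).digest())


if __name__ == "__main__":
    original = b"PAY 100 TO alice"      # constructed sample record
    forged = collide(original, b"PAY 900 TO alice")
    print("crc32  original %08x forged %08x" % (zlib.crc32(original), zlib.crc32(forged)))
    print("sha256 original %s forged %s" % (hashlib.sha256(original).hexdigest()[:16],
                                             hashlib.sha256(forged).hexdigest()[:16]))
```

The four forged bytes are arbitrary binary, so in practice they would be hidden in a field the consumer ignores (padding, a comment, trailing whitespace in a text format). The same linearity lets an attacker patch bytes in the middle of a message rather than at the end; the backward walk is the only part that changes.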


This is probably not old news to most readers of The Economist.


It's also not useful to most readers of The Economist, since nothing they commonly use relies on MD5.


The Economist is basically general interest stuff for smart people. They seem to like that sort of thing.


Yeah, there is a bunch of news there that's not personally that relevant to me, but I like reading it just the same, being a bit of an information junkie.


Yeah, my first move on seeing this article was to scan it for mention of the fact that there are other hash algorithms than MD5 which still work perfectly well.

I don't think this article would be bad if it had a second page that went on to provide some perspective. As it stands, it reads as a general indictment of all of computer security. They claim that the methods are secure, but they're really not! Don't trust those computer guys, because the One True Algorithm has a hole!


At the risk of being a Reddit pedant: it's not really true that there are other reasonably safe hash algorithms. We're in a bit of a hash crisis now; SHA1 is expected to fall too, SHA256 is unreasonably expensive, and no alternative algorithm has the peer results to allay concerns. So, I guess there is an article you could write about the situation.

But, of course, it has nothing yet to do with the Internet; SSL/TLS uses both MD5 and SHA1, simultaneously.


The moral of this story is that I'd rather read your article than the Economist's. :)


I can't believe it's 2008 and we're still reading new stories about MD5 collision-resistance. We get it, anybody can manufacture N files with the same hash and different content. Don't use MD5 as a piece of your vote commitment scheme and move on. All of this was news years ago.

edit: MD5 is still good for random other stuff. If you MD5 something, it's not that easy for someone to find a collision with it. I'm anxiously awaiting the revelatory article on rainbow tables in The Economist.


What is MD5 good for? It's slower than a CRC and less secure than SHA1. It's a crappy universal hash (bad constant factors) and it's usually much too large for a unique identifier.


My intent isn't to bat for MD5, really. But since you asked me, I'll point out that MD5 is actually not that bad if you want a deterministic string of randomly distributed bits. If you don't need all 128 bits, nobody's forcing you to keep the extra ones. That said, you might as well use SHA1.


For what it's worth, almost any random number generator is better than MD5 at giving a deterministic random bit string, given a seed. You might start with OpenBSD arc4random.


You have to give them credit for explaining it well to non-hackers.


An article which explains that a lock is broken, but doesn't tell you what the lock is protecting, how to get it changed, and what alternative locks are available, is not explaining the situation well.

