Last August, we heard about MD5 collisions, where two contrived strings would hash to the same MD5 fingerprint. That was a theoretical flaw in MD5, but it wasn’t clear how you could really use it to subvert the security of a system. Well, now Magnus Daum and Stefan Lucks can create two PostScript files with completely different contents, but the same MD5 hash.

Don’t trust MD5 for security!