The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6Ghz Pentium4 processor (complexity of 224.1).[18] Further, there is also a chosen-prefix collision attack that can produce a collision for two chosen arbitrarily different inputs within hours, using off-the-shelf computing hardware (complexity 239).[19] The ability to find collisions has been greatly aided by the use of off-the-shelf GPUs. On an NVIDIA GeForce 8400GS graphics processor, 16-18 million hashes per second can be computed. An NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per second.[20]
These hash and collision attacks have been demonstrated in the public in various situations, including colliding document files[21][22] and digital certificates.[7]
有兴趣的可以看看这篇,有攻击的细节,和各种 Hash 安全性的评估:
http://www.win.tue.nl/hashclash/rogue-ca/
实际上,关于何种安全需求使用何种 Hash 工具,NIST 是有标准的:FIPS 140-2 Security Requirements for Cryptographic Modules。